dcda67858cd9303dd32c0c979030dc0025a457e8b52f8b1c76f3c99943b9b48f | Triage

Sharing

General

Target

dcda67858cd9303dd32c0c979030dc0025a457e8b52f8b1c76f3c99943b9b48f
Size

156KB
Sample

221124-agcnzshf4x
MD5

15c6913de4b47966ef0ed7a20dc91fcf
SHA1

703be70c224f7b05b215d436d844009172765fc3
SHA256

dcda67858cd9303dd32c0c979030dc0025a457e8b52f8b1c76f3c99943b9b48f
SHA512

6cad428571d9a839cd0c85c7fd544aa730f7f08d2ef9c964cf9ee9a5043b690f8e902cf7290771e024a5803de407c1db75cabbded671a8a7309cc9d5859da298
SSDEEP

3072:gLySQYWrO0VctCPmJIHE+gRyRSIuznLstk4oQZiEap2Y:TYGPctCrEaRQLpWkpN

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  dcda67858cd9303dd32c0c979030dc0025a457e8b52f8b1c76f3c99943b9b48f
- Size
  
  156KB
- MD5
  
  15c6913de4b47966ef0ed7a20dc91fcf
- SHA1
  
  703be70c224f7b05b215d436d844009172765fc3
- SHA256
  
  dcda67858cd9303dd32c0c979030dc0025a457e8b52f8b1c76f3c99943b9b48f
- SHA512
  
  6cad428571d9a839cd0c85c7fd544aa730f7f08d2ef9c964cf9ee9a5043b690f8e902cf7290771e024a5803de407c1db75cabbded671a8a7309cc9d5859da298
- SSDEEP
  
  3072:gLySQYWrO0VctCPmJIHE+gRyRSIuznLstk4oQZiEap2Y:TYGPctCrEaRQLpWkpN
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence