294cc33e3a4f9d536cba74da921f597d478a6f18c08900ddf30985a51742d8e9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

294cc33e3a4f9d536cba74da921f597d478a6f18c08900ddf30985a51742d8e9
Size

88KB
Sample

221124-agpzbaed46
MD5

34c7ee85d7138e7b361b5c3da22e2630
SHA1

81eeeb40b07e88d3f092c53282d2bef48e53328d
SHA256

294cc33e3a4f9d536cba74da921f597d478a6f18c08900ddf30985a51742d8e9
SHA512

235f2b320d230223a28cb5bd76491fe787121035e96bab2c3594dbaa9360f150fd83a84c7e8e7ba96992c3034a8406f18d863781ebad01a19757784da951e400
SSDEEP

1536:FqTwkNvIrlFEJ71b2gYmHVwrES6QdGV4kQ:cTjsiJ71bBCGPQ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  294cc33e3a4f9d536cba74da921f597d478a6f18c08900ddf30985a51742d8e9
- Size
  
  88KB
- MD5
  
  34c7ee85d7138e7b361b5c3da22e2630
- SHA1
  
  81eeeb40b07e88d3f092c53282d2bef48e53328d
- SHA256
  
  294cc33e3a4f9d536cba74da921f597d478a6f18c08900ddf30985a51742d8e9
- SHA512
  
  235f2b320d230223a28cb5bd76491fe787121035e96bab2c3594dbaa9360f150fd83a84c7e8e7ba96992c3034a8406f18d863781ebad01a19757784da951e400
- SSDEEP
  
  1536:FqTwkNvIrlFEJ71b2gYmHVwrES6QdGV4kQ:cTjsiJ71bBCGPQ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence