c0a1a2d60b941a64c0ee2c717f4b9e846a1fcf9f6f1f606114053c752cd9dc87 | Triage

Sharing

General

Target

c0a1a2d60b941a64c0ee2c717f4b9e846a1fcf9f6f1f606114053c752cd9dc87
Size

268KB
Sample

221124-ak31caef92
MD5

536096802a53fe15d4e7adc64e4f25a0
SHA1

bb48439b18ac2fcb6d6cf1ae47266ffd64d4a86e
SHA256

c0a1a2d60b941a64c0ee2c717f4b9e846a1fcf9f6f1f606114053c752cd9dc87
SHA512

96db14613b87c75fb08807f7a9d5111e46c0f6868f8282c5d396f92a7f5ab7df4cdd79595b1eb9cdb71075f699c0c813f4f27bb3fc6f603bc27db323308dd507
SSDEEP

3072:asSQrIhZDY1zuBvLen8DlZniqBXv7yOsWvgbsmmHX0WRgs:aCMQ1qFy8xZnisyOs2THEWRj

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c0a1a2d60b941a64c0ee2c717f4b9e846a1fcf9f6f1f606114053c752cd9dc87
- Size
  
  268KB
- MD5
  
  536096802a53fe15d4e7adc64e4f25a0
- SHA1
  
  bb48439b18ac2fcb6d6cf1ae47266ffd64d4a86e
- SHA256
  
  c0a1a2d60b941a64c0ee2c717f4b9e846a1fcf9f6f1f606114053c752cd9dc87
- SHA512
  
  96db14613b87c75fb08807f7a9d5111e46c0f6868f8282c5d396f92a7f5ab7df4cdd79595b1eb9cdb71075f699c0c813f4f27bb3fc6f603bc27db323308dd507
- SSDEEP
  
  3072:asSQrIhZDY1zuBvLen8DlZniqBXv7yOsWvgbsmmHX0WRgs:aCMQ1qFy8xZnisyOs2THEWRj
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence