aa21d31c55ea2bb45b16bcca01c97f537adc17d65bb85cc0e0ae32614bfb0b4f | Triage

Sharing

General

Target

aa21d31c55ea2bb45b16bcca01c97f537adc17d65bb85cc0e0ae32614bfb0b4f
Size

196KB
Sample

221124-akmclaef65
MD5

27344188ab6d789d67ba4e51f628860d
SHA1

6f4e76ce9bfd6a47bc5dc5bd50dff3f8578b6567
SHA256

aa21d31c55ea2bb45b16bcca01c97f537adc17d65bb85cc0e0ae32614bfb0b4f
SHA512

1291ce5fcf559dd6f26ab05997f03a0d2a6d1a78dcaace14e4125186cf213c037badeeb83437d1e994d0b393b025ccdf560033c7de45a22320ccf5b6ab56e26d
SSDEEP

6144:FV4K16oTJWvfU4+bOl8femcK/fObT/bGimszUf7Wq3o:FAoTMvs4+bOlNK/fObT/bGipE7Ro

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  aa21d31c55ea2bb45b16bcca01c97f537adc17d65bb85cc0e0ae32614bfb0b4f
- Size
  
  196KB
- MD5
  
  27344188ab6d789d67ba4e51f628860d
- SHA1
  
  6f4e76ce9bfd6a47bc5dc5bd50dff3f8578b6567
- SHA256
  
  aa21d31c55ea2bb45b16bcca01c97f537adc17d65bb85cc0e0ae32614bfb0b4f
- SHA512
  
  1291ce5fcf559dd6f26ab05997f03a0d2a6d1a78dcaace14e4125186cf213c037badeeb83437d1e994d0b393b025ccdf560033c7de45a22320ccf5b6ab56e26d
- SSDEEP
  
  6144:FV4K16oTJWvfU4+bOl8femcK/fObT/bGimszUf7Wq3o:FAoTMvs4+bOlNK/fObT/bGipE7Ro
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence