845c69ef5e8c296d706c8b2b854638ec22a365900f8451b271dd02392735b4ca | Triage

Sharing

General

Target

845c69ef5e8c296d706c8b2b854638ec22a365900f8451b271dd02392735b4ca
Size

204KB
Sample

221124-am6h9aeh48
MD5

261b7d5c3df59d59de8439604bdf98b0
SHA1

25f835ed095f7c870526bf11c4765f6e05c8e435
SHA256

845c69ef5e8c296d706c8b2b854638ec22a365900f8451b271dd02392735b4ca
SHA512

cc315c1135dd06d232eac0a8a184538ed4887c8b06d46fc22aca8e2fd6c53b17186f27da330d6c9c9181f11e585c8d3ddf30d5d540eae96e8de86024a8203f4d
SSDEEP

6144:wwsJtZNngeO+cwjfTfGHN1RWrOy9uJV10BK+baPe3ObUrlBXvgd7Vc7IZ:wwmNngeO+cwjfTfGHN1Ax9uJV10BK+bQ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  845c69ef5e8c296d706c8b2b854638ec22a365900f8451b271dd02392735b4ca
- Size
  
  204KB
- MD5
  
  261b7d5c3df59d59de8439604bdf98b0
- SHA1
  
  25f835ed095f7c870526bf11c4765f6e05c8e435
- SHA256
  
  845c69ef5e8c296d706c8b2b854638ec22a365900f8451b271dd02392735b4ca
- SHA512
  
  cc315c1135dd06d232eac0a8a184538ed4887c8b06d46fc22aca8e2fd6c53b17186f27da330d6c9c9181f11e585c8d3ddf30d5d540eae96e8de86024a8203f4d
- SSDEEP
  
  6144:wwsJtZNngeO+cwjfTfGHN1RWrOy9uJV10BK+baPe3ObUrlBXvgd7Vc7IZ:wwmNngeO+cwjfTfGHN1Ax9uJV10BK+bQ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence