28195abf85ed6d90da43cfa9d2c1d0dbb8cd7cdc3ccb69b13716c75b5c675d0f | Triage

Sharing

General

Target

28195abf85ed6d90da43cfa9d2c1d0dbb8cd7cdc3ccb69b13716c75b5c675d0f
Size

204KB
Sample

221124-amd41aeg84
MD5

5444772820193732e93ad032d14c0660
SHA1

191c8395306a3826abfcfe35e3b31edd567898f3
SHA256

28195abf85ed6d90da43cfa9d2c1d0dbb8cd7cdc3ccb69b13716c75b5c675d0f
SHA512

ad58bd45f5688de526ec52d46c75b43f491c9e908df18d9b8be9c946ef4f50258544dcc5743706fa705212ed70712ea43cb2fd6ed9958163f6070cdf393da264
SSDEEP

3072:Wu+F33TWor5J20AisM/8jp6tdlWbRVslWQifgO4F0llD/:WrTWqJ3RsM/8E/IbRuLifI0l1

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  28195abf85ed6d90da43cfa9d2c1d0dbb8cd7cdc3ccb69b13716c75b5c675d0f
- Size
  
  204KB
- MD5
  
  5444772820193732e93ad032d14c0660
- SHA1
  
  191c8395306a3826abfcfe35e3b31edd567898f3
- SHA256
  
  28195abf85ed6d90da43cfa9d2c1d0dbb8cd7cdc3ccb69b13716c75b5c675d0f
- SHA512
  
  ad58bd45f5688de526ec52d46c75b43f491c9e908df18d9b8be9c946ef4f50258544dcc5743706fa705212ed70712ea43cb2fd6ed9958163f6070cdf393da264
- SSDEEP
  
  3072:Wu+F33TWor5J20AisM/8jp6tdlWbRVslWQifgO4F0llD/:WrTWqJ3RsM/8E/IbRuLifI0l1
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence