889cdd880c61ff2d8a087f5aadde16e06271d35629c117cd6ee4eaf9f1f81f84 | Triage

Sharing

General

Target

889cdd880c61ff2d8a087f5aadde16e06271d35629c117cd6ee4eaf9f1f81f84
Size

204KB
Sample

221124-amdhgaaa4w
MD5

16a5dfb813d17a5e788235fc5ef1dc62
SHA1

952fe3f86b51a390e5e7395d8c86119875229e33
SHA256

889cdd880c61ff2d8a087f5aadde16e06271d35629c117cd6ee4eaf9f1f81f84
SHA512

6c8003b4e7ca3d39d081e7b2fcad21a3dbabcdbcc5a2ddef92f4c6bad399932b4356ac8665ce2511f67c624a62ab24c85ad9219d3f370993e3a2bf80716e67d7
SSDEEP

3072:eun/3fTWor5J20AisM/8jp6tdlWbRVslWQifgO4F0llD/:esTWqJ3RsM/8E/IbRuLifI0l1

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  889cdd880c61ff2d8a087f5aadde16e06271d35629c117cd6ee4eaf9f1f81f84
- Size
  
  204KB
- MD5
  
  16a5dfb813d17a5e788235fc5ef1dc62
- SHA1
  
  952fe3f86b51a390e5e7395d8c86119875229e33
- SHA256
  
  889cdd880c61ff2d8a087f5aadde16e06271d35629c117cd6ee4eaf9f1f81f84
- SHA512
  
  6c8003b4e7ca3d39d081e7b2fcad21a3dbabcdbcc5a2ddef92f4c6bad399932b4356ac8665ce2511f67c624a62ab24c85ad9219d3f370993e3a2bf80716e67d7
- SSDEEP
  
  3072:eun/3fTWor5J20AisM/8jp6tdlWbRVslWQifgO4F0llD/:esTWqJ3RsM/8E/IbRuLifI0l1
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence