c909b1479bd6fcc7781864ec4fed86c77550a001d09e883e11eabe0fbc1240f1 | Triage

Sharing

General

Target

c909b1479bd6fcc7781864ec4fed86c77550a001d09e883e11eabe0fbc1240f1
Size

216KB
Sample

221124-amjz9aaa41
MD5

25bb8b989cacc4895231e4c151cc596f
SHA1

ae4b164b3157c49d6138b5d243c4a0facc1e3f70
SHA256

c909b1479bd6fcc7781864ec4fed86c77550a001d09e883e11eabe0fbc1240f1
SHA512

b926c9d786862babd1b16169cf49813a1cc47845f4fa9be63d75bbb1cec57b76ed64bd1ed016ddd1126fc6ebb788c7a0e8071b9c21601b750924b1b04b093332
SSDEEP

3072:GFvdhkuVoHFGFooobAqzNOEbOKZbtpGPsLx2:GFvH5YPseNmKJtpL2

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c909b1479bd6fcc7781864ec4fed86c77550a001d09e883e11eabe0fbc1240f1
- Size
  
  216KB
- MD5
  
  25bb8b989cacc4895231e4c151cc596f
- SHA1
  
  ae4b164b3157c49d6138b5d243c4a0facc1e3f70
- SHA256
  
  c909b1479bd6fcc7781864ec4fed86c77550a001d09e883e11eabe0fbc1240f1
- SHA512
  
  b926c9d786862babd1b16169cf49813a1cc47845f4fa9be63d75bbb1cec57b76ed64bd1ed016ddd1126fc6ebb788c7a0e8071b9c21601b750924b1b04b093332
- SSDEEP
  
  3072:GFvdhkuVoHFGFooobAqzNOEbOKZbtpGPsLx2:GFvH5YPseNmKJtpL2
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence