bff2bf493325119f9a575f1b1917ee01679c48b4991ca9356c33e1dccb0631bb | Triage

Sharing

General

Target

bff2bf493325119f9a575f1b1917ee01679c48b4991ca9356c33e1dccb0631bb
Size

216KB
Sample

221124-amklsaaa5s
MD5

2b109e310349ac6476fac279239c53e0
SHA1

c44a85b0d9c78035c77c6e2bf90e17dd3eba8f6a
SHA256

bff2bf493325119f9a575f1b1917ee01679c48b4991ca9356c33e1dccb0631bb
SHA512

2f33954ae7e563f55730a05ba07e30e44d7dcec40b27a6352182376173854a27870dd8879ba35f20fb91381e90c44e2f42ae1a4d4d14b16650635014707e67e4
SSDEEP

3072:mFvdlkZboHFGFooobAqzNOEbOKZbtpGPsLxf:mFvzNPseNmKJtpLf

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  bff2bf493325119f9a575f1b1917ee01679c48b4991ca9356c33e1dccb0631bb
- Size
  
  216KB
- MD5
  
  2b109e310349ac6476fac279239c53e0
- SHA1
  
  c44a85b0d9c78035c77c6e2bf90e17dd3eba8f6a
- SHA256
  
  bff2bf493325119f9a575f1b1917ee01679c48b4991ca9356c33e1dccb0631bb
- SHA512
  
  2f33954ae7e563f55730a05ba07e30e44d7dcec40b27a6352182376173854a27870dd8879ba35f20fb91381e90c44e2f42ae1a4d4d14b16650635014707e67e4
- SSDEEP
  
  3072:mFvdlkZboHFGFooobAqzNOEbOKZbtpGPsLxf:mFvzNPseNmKJtpLf
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence