0b257679291dd09d99e67095e17cbe2e204157d482435c213278397e42bf7ba7 | Triage

Sharing

General

Target

0b257679291dd09d99e67095e17cbe2e204157d482435c213278397e42bf7ba7
Size

296KB
Sample

221124-aml5lseg97
MD5

353155b807cc4d8450a45b3882a6ac9e
SHA1

1d48c05bedc48d3959ca5781d06ec60408c0449d
SHA256

0b257679291dd09d99e67095e17cbe2e204157d482435c213278397e42bf7ba7
SHA512

cc3cdaa1160ed4aeb5b40ed00a4998aabaa91c1e9a6dce3a5b668d25f3b584d13ca9139937b4c72434c4bcd988990bbbddfb928f33952fdbf8fa5f9a75cf6630
SSDEEP

6144:ykpD1y0FXrKnvmb7/D26OJYPsMiqDJlJNwHG6s20EBb4jHX3QA/hwNGhWhThPvMz:yaD1y0F7Knvmb7/D265DJlJNwHG6JTbk

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0b257679291dd09d99e67095e17cbe2e204157d482435c213278397e42bf7ba7
- Size
  
  296KB
- MD5
  
  353155b807cc4d8450a45b3882a6ac9e
- SHA1
  
  1d48c05bedc48d3959ca5781d06ec60408c0449d
- SHA256
  
  0b257679291dd09d99e67095e17cbe2e204157d482435c213278397e42bf7ba7
- SHA512
  
  cc3cdaa1160ed4aeb5b40ed00a4998aabaa91c1e9a6dce3a5b668d25f3b584d13ca9139937b4c72434c4bcd988990bbbddfb928f33952fdbf8fa5f9a75cf6630
- SSDEEP
  
  6144:ykpD1y0FXrKnvmb7/D26OJYPsMiqDJlJNwHG6s20EBb4jHX3QA/hwNGhWhThPvMz:yaD1y0F7Knvmb7/D265DJlJNwHG6JTbk
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence