2dd2ec93bca1efadc7087fb363980567af76894514b6a76989712987c20a7986 | Triage

Sharing

General

Target

2dd2ec93bca1efadc7087fb363980567af76894514b6a76989712987c20a7986
Size

264KB
Sample

221124-angxaaeh64
MD5

3496d97034b7ca903a59c8459f664e10
SHA1

efa2de3c817d67b8b37f1d7dcf5ad00e2e9e60f7
SHA256

2dd2ec93bca1efadc7087fb363980567af76894514b6a76989712987c20a7986
SHA512

481220791de90de2aea9bc40c9328c681352a6c6e20843bedc5189e4c99afc84ed2ed5b7b4c20071ee48fd53eb94b864e498e9cd661bba89fa7bbdefe9a72e00
SSDEEP

3072:bwwQcqsOUZu2IDyG2pfr4GNLzECcKIvMBSYWunCvPQiwhjXH1WkaBx5/lvnjLYa7:swQ3sOUA9Ic6OLynWunzXH1W9rt

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2dd2ec93bca1efadc7087fb363980567af76894514b6a76989712987c20a7986
- Size
  
  264KB
- MD5
  
  3496d97034b7ca903a59c8459f664e10
- SHA1
  
  efa2de3c817d67b8b37f1d7dcf5ad00e2e9e60f7
- SHA256
  
  2dd2ec93bca1efadc7087fb363980567af76894514b6a76989712987c20a7986
- SHA512
  
  481220791de90de2aea9bc40c9328c681352a6c6e20843bedc5189e4c99afc84ed2ed5b7b4c20071ee48fd53eb94b864e498e9cd661bba89fa7bbdefe9a72e00
- SSDEEP
  
  3072:bwwQcqsOUZu2IDyG2pfr4GNLzECcKIvMBSYWunCvPQiwhjXH1WkaBx5/lvnjLYa7:swQ3sOUA9Ic6OLynWunzXH1W9rt
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence