b8628cd175e73fe1d8d51f0b15b4389b78dd12a2eb9ae8fdd286c11ca7cf43e9 | Triage

Sharing

General

Target

b8628cd175e73fe1d8d51f0b15b4389b78dd12a2eb9ae8fdd286c11ca7cf43e9
Size

252KB
Sample

221124-anjqwaaa9z
MD5

0539065b43e4e75d5e100593dd034f36
SHA1

bb173ebb6ebd0c1d47215c78647a539a70526632
SHA256

b8628cd175e73fe1d8d51f0b15b4389b78dd12a2eb9ae8fdd286c11ca7cf43e9
SHA512

d7d293c47862adf0f2789cd22304340cb7ca6db495883bac99e515941825b76abb04ca7cb637cc062d4c869594b778d81266eaab7d51bee5c55e80b437f38d21
SSDEEP

6144:Orh0e5rhVz84rjL1/gq0n74Gp+QFbLVBvOP+c+EdMUutF:+h0KrhK4rjL1/gq0n74Gp+QFbLV0+RUa

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b8628cd175e73fe1d8d51f0b15b4389b78dd12a2eb9ae8fdd286c11ca7cf43e9
- Size
  
  252KB
- MD5
  
  0539065b43e4e75d5e100593dd034f36
- SHA1
  
  bb173ebb6ebd0c1d47215c78647a539a70526632
- SHA256
  
  b8628cd175e73fe1d8d51f0b15b4389b78dd12a2eb9ae8fdd286c11ca7cf43e9
- SHA512
  
  d7d293c47862adf0f2789cd22304340cb7ca6db495883bac99e515941825b76abb04ca7cb637cc062d4c869594b778d81266eaab7d51bee5c55e80b437f38d21
- SSDEEP
  
  6144:Orh0e5rhVz84rjL1/gq0n74Gp+QFbLVBvOP+c+EdMUutF:+h0KrhK4rjL1/gq0n74Gp+QFbLV0+RUa
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence