52a6d88eb089fe91b6ba0ae0e7f408ee2c9784dd5688b6630adf34e7cf63a688 | Triage

Sharing

General

Target

52a6d88eb089fe91b6ba0ae0e7f408ee2c9784dd5688b6630adf34e7cf63a688
Size

240KB
Sample

221124-annd3aab2t
MD5

34e01d581c9569bb2d7b44b8e6e65770
SHA1

4ede2c34b01ea01b74bbbbb93d326f1f7cd50720
SHA256

52a6d88eb089fe91b6ba0ae0e7f408ee2c9784dd5688b6630adf34e7cf63a688
SHA512

972c5be5f9f776295e77c2f2575fbcb58dc30cd1d9709177639c3e7eea1ba1354d2a03b6a759f6fa7874bcf7bd39da49983bde0067165c24d4fb44c2ef999043
SSDEEP

3072:kG5UnRW+zbfMjS2BXeWBFcAfqTEBRjefrfRLfN561PHuh0x2YW6:kSaFD2peScAfA0jCfr567J

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  52a6d88eb089fe91b6ba0ae0e7f408ee2c9784dd5688b6630adf34e7cf63a688
- Size
  
  240KB
- MD5
  
  34e01d581c9569bb2d7b44b8e6e65770
- SHA1
  
  4ede2c34b01ea01b74bbbbb93d326f1f7cd50720
- SHA256
  
  52a6d88eb089fe91b6ba0ae0e7f408ee2c9784dd5688b6630adf34e7cf63a688
- SHA512
  
  972c5be5f9f776295e77c2f2575fbcb58dc30cd1d9709177639c3e7eea1ba1354d2a03b6a759f6fa7874bcf7bd39da49983bde0067165c24d4fb44c2ef999043
- SSDEEP
  
  3072:kG5UnRW+zbfMjS2BXeWBFcAfqTEBRjefrfRLfN561PHuh0x2YW6:kSaFD2peScAfA0jCfr567J
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence