31ddffc973aad7533f04e7333f308a9e2ed853e68582a7b9fa2f60a0bd82e14c | Triage

Sharing

General

Target

31ddffc973aad7533f04e7333f308a9e2ed853e68582a7b9fa2f60a0bd82e14c
Size

240KB
Sample

221124-anyvsseh88
MD5

2a99dbf42068aa8f356f990b9a8dfe00
SHA1

3f4801e737a838a447a95d2a4e9c9b3bcd75091e
SHA256

31ddffc973aad7533f04e7333f308a9e2ed853e68582a7b9fa2f60a0bd82e14c
SHA512

3ec24d1e1f46e507c71df291e4c57dad6802b1cd000d8cc3bf480d9e7eb83a07d2329fe88fc525e13dbf42417ec22947d2b368811991863ada67238f965d9870
SSDEEP

3072:/zkBGrT8j6VlpvBd90i/SmWKLi7CjFSivnfu3fbMdozt5cz0GI:/zX0UGKGkFRKfeoztO4

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  31ddffc973aad7533f04e7333f308a9e2ed853e68582a7b9fa2f60a0bd82e14c
- Size
  
  240KB
- MD5
  
  2a99dbf42068aa8f356f990b9a8dfe00
- SHA1
  
  3f4801e737a838a447a95d2a4e9c9b3bcd75091e
- SHA256
  
  31ddffc973aad7533f04e7333f308a9e2ed853e68582a7b9fa2f60a0bd82e14c
- SHA512
  
  3ec24d1e1f46e507c71df291e4c57dad6802b1cd000d8cc3bf480d9e7eb83a07d2329fe88fc525e13dbf42417ec22947d2b368811991863ada67238f965d9870
- SSDEEP
  
  3072:/zkBGrT8j6VlpvBd90i/SmWKLi7CjFSivnfu3fbMdozt5cz0GI:/zX0UGKGkFRKfeoztO4
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence