c0d417417d40b1aeb6e5c7bf010ff125514a9a526b2ad4b6c40602f045ab1830 | Triage

Sharing

General

Target

c0d417417d40b1aeb6e5c7bf010ff125514a9a526b2ad4b6c40602f045ab1830
Size

124KB
Sample

221124-ap437sab9x
MD5

34e689ce8e641504f2569db71558c880
SHA1

5402ed156ec4eaa3a0aa2e567b42629bbbf24e7c
SHA256

c0d417417d40b1aeb6e5c7bf010ff125514a9a526b2ad4b6c40602f045ab1830
SHA512

4590b25b25db5f69c1f35b8eeaaa8f4a7f4faf8acfa78a5d51017f2321a8d41c93b0bbf7a3bac2bba6a760f9370b0714884af4b94186230aa65b434d00af92f6
SSDEEP

1536:iCszz5YJMPhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:vG1YkhkFoN3Oo1+FvfSW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c0d417417d40b1aeb6e5c7bf010ff125514a9a526b2ad4b6c40602f045ab1830
- Size
  
  124KB
- MD5
  
  34e689ce8e641504f2569db71558c880
- SHA1
  
  5402ed156ec4eaa3a0aa2e567b42629bbbf24e7c
- SHA256
  
  c0d417417d40b1aeb6e5c7bf010ff125514a9a526b2ad4b6c40602f045ab1830
- SHA512
  
  4590b25b25db5f69c1f35b8eeaaa8f4a7f4faf8acfa78a5d51017f2321a8d41c93b0bbf7a3bac2bba6a760f9370b0714884af4b94186230aa65b434d00af92f6
- SSDEEP
  
  1536:iCszz5YJMPhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:vG1YkhkFoN3Oo1+FvfSW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence