c517797b756c327340d4c8fa3a72cc0a67d6af65bf97a844f9e04e19207a9f4a | Triage

Sharing

General

Target

c517797b756c327340d4c8fa3a72cc0a67d6af65bf97a844f9e04e19207a9f4a
Size

124KB
Sample

221124-ap4gnsab9w
MD5

051e530603fcb8cb9e09f80d2cdd3ce0
SHA1

6dbdd2ad5cc6ca640483237c7f19fec3de7df4f8
SHA256

c517797b756c327340d4c8fa3a72cc0a67d6af65bf97a844f9e04e19207a9f4a
SHA512

c4a46b779a6e34ba78d0ca0a92439a437b6a5cfea60e431255cd5efa73ef9d434119da268a4300f7161cf489db1cd88e1cf1041265e9ccc80bc7b3f5103a858c
SSDEEP

1536:SUszY5YPhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:ZGqYPhkFoN3Oo1+FvfSW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c517797b756c327340d4c8fa3a72cc0a67d6af65bf97a844f9e04e19207a9f4a
- Size
  
  124KB
- MD5
  
  051e530603fcb8cb9e09f80d2cdd3ce0
- SHA1
  
  6dbdd2ad5cc6ca640483237c7f19fec3de7df4f8
- SHA256
  
  c517797b756c327340d4c8fa3a72cc0a67d6af65bf97a844f9e04e19207a9f4a
- SHA512
  
  c4a46b779a6e34ba78d0ca0a92439a437b6a5cfea60e431255cd5efa73ef9d434119da268a4300f7161cf489db1cd88e1cf1041265e9ccc80bc7b3f5103a858c
- SSDEEP
  
  1536:SUszY5YPhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:ZGqYPhkFoN3Oo1+FvfSW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence