b46a25d4e60b751812467127721c2cc3473f945af2b11149763bc346dbbbc8be | Triage

Sharing

General

Target

b46a25d4e60b751812467127721c2cc3473f945af2b11149763bc346dbbbc8be
Size

124KB
Sample

221124-ap6xssfa68
MD5

0368a05053d8acd6cd2d070c7f8e3630
SHA1

e1eb0e80f80acd6e94f0c108100bbfb5eb4966e4
SHA256

b46a25d4e60b751812467127721c2cc3473f945af2b11149763bc346dbbbc8be
SHA512

344a8e2ff0feb8e94fd2bd16a3ccc64829a02c3f15e57e817960648c9d98e7cfdbbab82a4e20fe29afb4745bb2b0f505c946adc19fe8006d57ec12626e9ab76a
SSDEEP

1536:ysszb5YMGahRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:hGNYMVhkFoN3Oo1+FvfSW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b46a25d4e60b751812467127721c2cc3473f945af2b11149763bc346dbbbc8be
- Size
  
  124KB
- MD5
  
  0368a05053d8acd6cd2d070c7f8e3630
- SHA1
  
  e1eb0e80f80acd6e94f0c108100bbfb5eb4966e4
- SHA256
  
  b46a25d4e60b751812467127721c2cc3473f945af2b11149763bc346dbbbc8be
- SHA512
  
  344a8e2ff0feb8e94fd2bd16a3ccc64829a02c3f15e57e817960648c9d98e7cfdbbab82a4e20fe29afb4745bb2b0f505c946adc19fe8006d57ec12626e9ab76a
- SSDEEP
  
  1536:ysszb5YMGahRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:hGNYMVhkFoN3Oo1+FvfSW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence