431198d4bd93b3840abb84ceb1da5f4a48232e95fe7da1d9a7631a09da108eb9 | Triage

Sharing

General

Target

431198d4bd93b3840abb84ceb1da5f4a48232e95fe7da1d9a7631a09da108eb9
Size

220KB
Sample

221124-apla4aab61
MD5

196c0e4e1e41e81a5f7e3f1560979be0
SHA1

14b06ada0aaa08b698650ce088e39a32e4ebed10
SHA256

431198d4bd93b3840abb84ceb1da5f4a48232e95fe7da1d9a7631a09da108eb9
SHA512

f9aef568f002d3b889e63fe3c5fff178dd2fbeebcc30985d00ef96bd9ee45e6e28c3c8d38a16f7db85a41f1eddba66fa458005841599e711fc96820718300875
SSDEEP

3072:8jwsq8CGAALc3uk85gVzaSCz7TG2KAikGFH+aaFuJ+WJv:awXTGPL8uXgzqmhBjJD

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  431198d4bd93b3840abb84ceb1da5f4a48232e95fe7da1d9a7631a09da108eb9
- Size
  
  220KB
- MD5
  
  196c0e4e1e41e81a5f7e3f1560979be0
- SHA1
  
  14b06ada0aaa08b698650ce088e39a32e4ebed10
- SHA256
  
  431198d4bd93b3840abb84ceb1da5f4a48232e95fe7da1d9a7631a09da108eb9
- SHA512
  
  f9aef568f002d3b889e63fe3c5fff178dd2fbeebcc30985d00ef96bd9ee45e6e28c3c8d38a16f7db85a41f1eddba66fa458005841599e711fc96820718300875
- SSDEEP
  
  3072:8jwsq8CGAALc3uk85gVzaSCz7TG2KAikGFH+aaFuJ+WJv:awXTGPL8uXgzqmhBjJD
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence