5c3e2056006292c592ce7a3c3ea074e5f92bbc205864ab43079a37e0de6c897b | Triage

Sharing

General

Target

5c3e2056006292c592ce7a3c3ea074e5f92bbc205864ab43079a37e0de6c897b
Size

124KB
Sample

221124-aqdbwaac2z
MD5

07a2c2291862a87199bdf44df08c3620
SHA1

ad1baf30a268a0040628065701bbe56bdae6df89
SHA256

5c3e2056006292c592ce7a3c3ea074e5f92bbc205864ab43079a37e0de6c897b
SHA512

7f61d99a307dd5ef99293a05a4386974b3f58cd373c280226c314379f9fc95b50266276e859c47b13d45b41f496acdc904bd3f7f48db14a0d27282fa5f29fa33
SSDEEP

1536:nLszl5YPhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:LGjYPhkFoN3Oo1+FvfSW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5c3e2056006292c592ce7a3c3ea074e5f92bbc205864ab43079a37e0de6c897b
- Size
  
  124KB
- MD5
  
  07a2c2291862a87199bdf44df08c3620
- SHA1
  
  ad1baf30a268a0040628065701bbe56bdae6df89
- SHA256
  
  5c3e2056006292c592ce7a3c3ea074e5f92bbc205864ab43079a37e0de6c897b
- SHA512
  
  7f61d99a307dd5ef99293a05a4386974b3f58cd373c280226c314379f9fc95b50266276e859c47b13d45b41f496acdc904bd3f7f48db14a0d27282fa5f29fa33
- SSDEEP
  
  1536:nLszl5YPhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:LGjYPhkFoN3Oo1+FvfSW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence