0d37fbf246cca8a7510b613a04e33c0b23835123df3b91bc18d7afa6e8e89870 | Triage

Sharing

General

Target

0d37fbf246cca8a7510b613a04e33c0b23835123df3b91bc18d7afa6e8e89870
Size

124KB
Sample

221124-aqgdjafa82
MD5

1dc4f763f31466467b5bcd10daf888b0
SHA1

a6ecf6ca37f42cb4493e2c404c9edc3ad5595a08
SHA256

0d37fbf246cca8a7510b613a04e33c0b23835123df3b91bc18d7afa6e8e89870
SHA512

6457c51976f2f13fb0f05f966205698d135203570c99f8805f307ae3cb2546e383ef0b64f438052e826626105abfecd12eaaf1e678c862ff772b58d7a2e51947
SSDEEP

1536:qKsz45Y7jhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:/GKYnhkFoN3Oo1+FvfSW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0d37fbf246cca8a7510b613a04e33c0b23835123df3b91bc18d7afa6e8e89870
- Size
  
  124KB
- MD5
  
  1dc4f763f31466467b5bcd10daf888b0
- SHA1
  
  a6ecf6ca37f42cb4493e2c404c9edc3ad5595a08
- SHA256
  
  0d37fbf246cca8a7510b613a04e33c0b23835123df3b91bc18d7afa6e8e89870
- SHA512
  
  6457c51976f2f13fb0f05f966205698d135203570c99f8805f307ae3cb2546e383ef0b64f438052e826626105abfecd12eaaf1e678c862ff772b58d7a2e51947
- SSDEEP
  
  1536:qKsz45Y7jhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:/GKYnhkFoN3Oo1+FvfSW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence