db01b04e3e4505f3bc5c70d77f1c2e4bce2a1c0390f8edecad0f843cff2a8d49 | Triage

Sharing

General

Target

db01b04e3e4505f3bc5c70d77f1c2e4bce2a1c0390f8edecad0f843cff2a8d49
Size

180KB
Sample

221124-aqppxaac4x
MD5

001dac0390a4ec1b0e7438aef424df40
SHA1

92aa25d5bb949f93fb85a5373c31018c960c4e69
SHA256

db01b04e3e4505f3bc5c70d77f1c2e4bce2a1c0390f8edecad0f843cff2a8d49
SHA512

8352710a68bc39cf3147638feb85169acf110ec537feb11c2f7356678b21f3868e33d1ac384791ee73a84dcc55a0596381bdda313e40b7f7fee290fda03c0806
SSDEEP

3072:YNcoen92EVB9/mHVQ/934fkr5CuT8G+ufJyKu8soP:YNmn92EVre1Q/t4fi5CuT8G+ub

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  db01b04e3e4505f3bc5c70d77f1c2e4bce2a1c0390f8edecad0f843cff2a8d49
- Size
  
  180KB
- MD5
  
  001dac0390a4ec1b0e7438aef424df40
- SHA1
  
  92aa25d5bb949f93fb85a5373c31018c960c4e69
- SHA256
  
  db01b04e3e4505f3bc5c70d77f1c2e4bce2a1c0390f8edecad0f843cff2a8d49
- SHA512
  
  8352710a68bc39cf3147638feb85169acf110ec537feb11c2f7356678b21f3868e33d1ac384791ee73a84dcc55a0596381bdda313e40b7f7fee290fda03c0806
- SSDEEP
  
  3072:YNcoen92EVB9/mHVQ/934fkr5CuT8G+ufJyKu8soP:YNmn92EVre1Q/t4fi5CuT8G+ub
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence