00f351d0787b87d91227fa125fc2a736698cd40082a6638c22218923eba0219b | Triage

Sharing

General

Target

00f351d0787b87d91227fa125fc2a736698cd40082a6638c22218923eba0219b
Size

52KB
Sample

221124-as62zaae3z
MD5

273474a0820a72479695a7d024ee4970
SHA1

aeebd3c4f4c78c972c99f78938cffbab971aa497
SHA256

00f351d0787b87d91227fa125fc2a736698cd40082a6638c22218923eba0219b
SHA512

9e7ba5b9d4c341a20c15a872857acdc3ccc31bc65038e146390474b422df12a0f49c6825dfe66fcfe4d67cbf7b656132b862184e04d943d41229165abb6a94a2
SSDEEP

768:neWnCwgRni/y1jskr/v/m89S3rkC6R+wibw52TzpUH:neBi/yNskr3mbkC6R+XpUH

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  00f351d0787b87d91227fa125fc2a736698cd40082a6638c22218923eba0219b
- Size
  
  52KB
- MD5
  
  273474a0820a72479695a7d024ee4970
- SHA1
  
  aeebd3c4f4c78c972c99f78938cffbab971aa497
- SHA256
  
  00f351d0787b87d91227fa125fc2a736698cd40082a6638c22218923eba0219b
- SHA512
  
  9e7ba5b9d4c341a20c15a872857acdc3ccc31bc65038e146390474b422df12a0f49c6825dfe66fcfe4d67cbf7b656132b862184e04d943d41229165abb6a94a2
- SSDEEP
  
  768:neWnCwgRni/y1jskr/v/m89S3rkC6R+wibw52TzpUH:neBi/yNskr3mbkC6R+XpUH
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence