f3822f0c0d94939b60f6cbed31fb8f43ea93778a10074f2f5bc74520e11063e2 | Triage

Sharing

General

Target

f3822f0c0d94939b60f6cbed31fb8f43ea93778a10074f2f5bc74520e11063e2
Size

228KB
Sample

221124-avf9bsfd38
MD5

5445b860a295993e9591ab85921feb70
SHA1

66b3cfd3649d73c4f6a161d080803abe3de9c282
SHA256

f3822f0c0d94939b60f6cbed31fb8f43ea93778a10074f2f5bc74520e11063e2
SHA512

0664674c2468cd8b1b21e537b6b815f7705129d1e97f263245b660f8d8e945fcd1828660550c21b1734ea334f0d6218ef67117ceb1caef5a25962ea4bd73e3b4
SSDEEP

6144:k3tFwzWQk2+OMcppIRW30d+h8wZ2Uf/T11cradKtvr1K/fObT/bGipKgJJeZ4cAo:CFwEOMcppIRW3M+hwUf/Z1craduvr1Kd

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f3822f0c0d94939b60f6cbed31fb8f43ea93778a10074f2f5bc74520e11063e2
- Size
  
  228KB
- MD5
  
  5445b860a295993e9591ab85921feb70
- SHA1
  
  66b3cfd3649d73c4f6a161d080803abe3de9c282
- SHA256
  
  f3822f0c0d94939b60f6cbed31fb8f43ea93778a10074f2f5bc74520e11063e2
- SHA512
  
  0664674c2468cd8b1b21e537b6b815f7705129d1e97f263245b660f8d8e945fcd1828660550c21b1734ea334f0d6218ef67117ceb1caef5a25962ea4bd73e3b4
- SSDEEP
  
  6144:k3tFwzWQk2+OMcppIRW30d+h8wZ2Uf/T11cradKtvr1K/fObT/bGipKgJJeZ4cAo:CFwEOMcppIRW3M+hwUf/Z1craduvr1Kd
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence