109bd22943c1dcd105fb1aab401509fc7c5dbcb39b126f1a9b70d1e52946b0eb | Triage

Sharing

General

Target

109bd22943c1dcd105fb1aab401509fc7c5dbcb39b126f1a9b70d1e52946b0eb
Size

159KB
Sample

221124-axlxlafe69
MD5

435d0674ea2950b2ffe462ab832cd349
SHA1

3add66c69d51770ac8ffa9f9172701ebe11b7d57
SHA256

109bd22943c1dcd105fb1aab401509fc7c5dbcb39b126f1a9b70d1e52946b0eb
SHA512

be4ae9353dfcc42e8470bfcfd94c8b9c10a6d2e757ba3909e3a6983e7e29e7efe91d7f6207f37774ea6ed8aedf4e96eaabbc9da5c931b39cb482adbc1f422e1a
SSDEEP

3072:7TzREHZMjeO2Twnf8Qjv4t0GmFkBjiZvdSecpseEQ9k8qmdK040qhTx:7fqHsejTYvA0CBjKSecprZkbmd8l1

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  109bd22943c1dcd105fb1aab401509fc7c5dbcb39b126f1a9b70d1e52946b0eb
- Size
  
  159KB
- MD5
  
  435d0674ea2950b2ffe462ab832cd349
- SHA1
  
  3add66c69d51770ac8ffa9f9172701ebe11b7d57
- SHA256
  
  109bd22943c1dcd105fb1aab401509fc7c5dbcb39b126f1a9b70d1e52946b0eb
- SHA512
  
  be4ae9353dfcc42e8470bfcfd94c8b9c10a6d2e757ba3909e3a6983e7e29e7efe91d7f6207f37774ea6ed8aedf4e96eaabbc9da5c931b39cb482adbc1f422e1a
- SSDEEP
  
  3072:7TzREHZMjeO2Twnf8Qjv4t0GmFkBjiZvdSecpseEQ9k8qmdK040qhTx:7fqHsejTYvA0CBjKSecprZkbmd8l1
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence