08d947988dc6f300e9c934ecdb6933285635caedd131f17d7795b6853d6009d2 | Triage

Sharing

General

Target

08d947988dc6f300e9c934ecdb6933285635caedd131f17d7795b6853d6009d2
Size

132KB
Sample

221124-j5vzxaah47
MD5

7f2c14c5348a3a3ba2b36a63790edc3f
SHA1

4bf9ff875ef40224d9ff234f705fdfa0300a2165
SHA256

08d947988dc6f300e9c934ecdb6933285635caedd131f17d7795b6853d6009d2
SHA512

2e577f28f6d2f3f9e7d57f8e1cc406e84322c8cea768ad862967c34d37a064e67b999657b217c9008e3b15d62a7cdb6caa9c206bd166630ee917a819d21c7c20
SSDEEP

1536:M1vNECmXyUof/C5/oeWBbzAmHawpglWxOAUbU0Gvlgbs4hdGtavoycXI:MvN7Uyv/CVpWBbrxQ2gwSoavHc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  08d947988dc6f300e9c934ecdb6933285635caedd131f17d7795b6853d6009d2
- Size
  
  132KB
- MD5
  
  7f2c14c5348a3a3ba2b36a63790edc3f
- SHA1
  
  4bf9ff875ef40224d9ff234f705fdfa0300a2165
- SHA256
  
  08d947988dc6f300e9c934ecdb6933285635caedd131f17d7795b6853d6009d2
- SHA512
  
  2e577f28f6d2f3f9e7d57f8e1cc406e84322c8cea768ad862967c34d37a064e67b999657b217c9008e3b15d62a7cdb6caa9c206bd166630ee917a819d21c7c20
- SSDEEP
  
  1536:M1vNECmXyUof/C5/oeWBbzAmHawpglWxOAUbU0Gvlgbs4hdGtavoycXI:MvN7Uyv/CVpWBbrxQ2gwSoavHc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence