69186384bbd16794383cd6f7d8c73cb2acd476a892f27b7d93e5d58c88b49c95 | Triage

Sharing

General

Target

69186384bbd16794383cd6f7d8c73cb2acd476a892f27b7d93e5d58c88b49c95
Size

68KB
Sample

221124-ns6yvsbd46
MD5

8dc6ae96d7d70d8f90b8e4b958e3d2a4
SHA1

b8ba1181d357315a7db3edfc507b490d5fd70a16
SHA256

69186384bbd16794383cd6f7d8c73cb2acd476a892f27b7d93e5d58c88b49c95
SHA512

10c0b5a649420c3e4be6338417c99527faee14a62229846f328c8b4afea659669c177090e71763dd36e28c57ef1be842d6729b4b59fbcac59cd978ee7cc147c2
SSDEEP

768:qcKliTdmoAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:hKIxzAcqOK3qowgnt1d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  69186384bbd16794383cd6f7d8c73cb2acd476a892f27b7d93e5d58c88b49c95
- Size
  
  68KB
- MD5
  
  8dc6ae96d7d70d8f90b8e4b958e3d2a4
- SHA1
  
  b8ba1181d357315a7db3edfc507b490d5fd70a16
- SHA256
  
  69186384bbd16794383cd6f7d8c73cb2acd476a892f27b7d93e5d58c88b49c95
- SHA512
  
  10c0b5a649420c3e4be6338417c99527faee14a62229846f328c8b4afea659669c177090e71763dd36e28c57ef1be842d6729b4b59fbcac59cd978ee7cc147c2
- SSDEEP
  
  768:qcKliTdmoAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:hKIxzAcqOK3qowgnt1d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence