c68d204738cb101c896b33592939168cf1fbc100753ed4f61cc5a11a98876b6f | Triage

Sharing

General

Target

c68d204738cb101c896b33592939168cf1fbc100753ed4f61cc5a11a98876b6f
Size

68KB
Sample

221124-qf33jsad6v
MD5

f1965dfea9a514d0459576b75cde9658
SHA1

396a48aaca2f960ef591ae93049edb0f9b3b3554
SHA256

c68d204738cb101c896b33592939168cf1fbc100753ed4f61cc5a11a98876b6f
SHA512

1c5a37fb803993dd2c5d1023336b352dcb9bcb2dd99fb6b8f49b360125e833ceef16275cf98cb91bc5a42247e816ba314e46c27c3d670acce446bd597f446414
SSDEEP

768:fcjliTdmoAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:0jIxjAcqOK3qowgnt1d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c68d204738cb101c896b33592939168cf1fbc100753ed4f61cc5a11a98876b6f
- Size
  
  68KB
- MD5
  
  f1965dfea9a514d0459576b75cde9658
- SHA1
  
  396a48aaca2f960ef591ae93049edb0f9b3b3554
- SHA256
  
  c68d204738cb101c896b33592939168cf1fbc100753ed4f61cc5a11a98876b6f
- SHA512
  
  1c5a37fb803993dd2c5d1023336b352dcb9bcb2dd99fb6b8f49b360125e833ceef16275cf98cb91bc5a42247e816ba314e46c27c3d670acce446bd597f446414
- SSDEEP
  
  768:fcjliTdmoAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:0jIxjAcqOK3qowgnt1d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence