f3f6f4bfba2577dda762122e9cae3bb7dd2529a666a6bccc9c9d6159aa016082 | Triage

Sharing

General

Target

f3f6f4bfba2577dda762122e9cae3bb7dd2529a666a6bccc9c9d6159aa016082
Size

68KB
Sample

221124-qm3elafe83
MD5

33fe7f95a1f9d03025b82ba83bb3b755
SHA1

b0b6365582990ddee4dce190ed4ed793ea9cdf90
SHA256

f3f6f4bfba2577dda762122e9cae3bb7dd2529a666a6bccc9c9d6159aa016082
SHA512

0f7832fa81bf541f0f0ea9784a196e7e54e7847260cb0bd4092a9d09a64fea12430310d77aa51b7b76f9657bcba00c3acfce928eb5d7e109989bb7eded8ade4c
SSDEEP

768:3cDliTdesAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:sDIxnAcqOK3qowgnt1d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f3f6f4bfba2577dda762122e9cae3bb7dd2529a666a6bccc9c9d6159aa016082
- Size
  
  68KB
- MD5
  
  33fe7f95a1f9d03025b82ba83bb3b755
- SHA1
  
  b0b6365582990ddee4dce190ed4ed793ea9cdf90
- SHA256
  
  f3f6f4bfba2577dda762122e9cae3bb7dd2529a666a6bccc9c9d6159aa016082
- SHA512
  
  0f7832fa81bf541f0f0ea9784a196e7e54e7847260cb0bd4092a9d09a64fea12430310d77aa51b7b76f9657bcba00c3acfce928eb5d7e109989bb7eded8ade4c
- SSDEEP
  
  768:3cDliTdesAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:sDIxnAcqOK3qowgnt1d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence