010118f51ffe2ef7b77b73755ab2031879aa12a468f87a441dc35d3eeec46838 | Triage

Sharing

General

Target

010118f51ffe2ef7b77b73755ab2031879aa12a468f87a441dc35d3eeec46838
Size

268KB
Sample

221126-cqsgxahe4z
MD5

67eed31d9d75e7770f2f49ca141f6d5d
SHA1

ff8c2dafba25e9d8c18c6a5e2c1ee490ec7e680b
SHA256

010118f51ffe2ef7b77b73755ab2031879aa12a468f87a441dc35d3eeec46838
SHA512

951fd35f74cffca9770742ed6e041d0affaf5421db0b90826260009635a62824e04bc9c6b2ec824d29709ce35adc5c7ff6264ead036dc67f83a27a1e259d5763
SSDEEP

3072:JeaPWsEErNzY/NJ7dgo+Lk/BeHpHtOk0Ot3BWF8J+eobOlphjR:EsjN0/NJ7X1eHfKsWFE+ecOlpd

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  010118f51ffe2ef7b77b73755ab2031879aa12a468f87a441dc35d3eeec46838
- Size
  
  268KB
- MD5
  
  67eed31d9d75e7770f2f49ca141f6d5d
- SHA1
  
  ff8c2dafba25e9d8c18c6a5e2c1ee490ec7e680b
- SHA256
  
  010118f51ffe2ef7b77b73755ab2031879aa12a468f87a441dc35d3eeec46838
- SHA512
  
  951fd35f74cffca9770742ed6e041d0affaf5421db0b90826260009635a62824e04bc9c6b2ec824d29709ce35adc5c7ff6264ead036dc67f83a27a1e259d5763
- SSDEEP
  
  3072:JeaPWsEErNzY/NJ7dgo+Lk/BeHpHtOk0Ot3BWF8J+eobOlphjR:EsjN0/NJ7X1eHfKsWFE+ecOlpd
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence