9a4014f6f831c6922b4c908d563d028602664fc6d7f7aa4ff3d36f32da0a7da4 | Triage

Sharing

General

Target

9a4014f6f831c6922b4c908d563d028602664fc6d7f7aa4ff3d36f32da0a7da4
Size

288KB
Sample

221127-bpswlsde2w
MD5

3d1d3faac138fe47b3b82f87c425e1a2
SHA1

c3947e854178a887131a51970e2d8c4caaee0c6e
SHA256

9a4014f6f831c6922b4c908d563d028602664fc6d7f7aa4ff3d36f32da0a7da4
SHA512

1016986c099d73afc0fae4458e7d2ff910950267bcbbf380e1540c6204497788ea0d13db61d69a7739931ee638a6c67dfb59aa806f8daa9e441ee0f1998a1d77
SSDEEP

3072:AU0nk+hQdiP8OZAksTCPkix7Fe7dEN8EXgNqf5cTrWi6ei2uiTbtTmH8Fe90p06h:70WiPQbYJFsE0NMCP6wJYj8t/xh

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9a4014f6f831c6922b4c908d563d028602664fc6d7f7aa4ff3d36f32da0a7da4
- Size
  
  288KB
- MD5
  
  3d1d3faac138fe47b3b82f87c425e1a2
- SHA1
  
  c3947e854178a887131a51970e2d8c4caaee0c6e
- SHA256
  
  9a4014f6f831c6922b4c908d563d028602664fc6d7f7aa4ff3d36f32da0a7da4
- SHA512
  
  1016986c099d73afc0fae4458e7d2ff910950267bcbbf380e1540c6204497788ea0d13db61d69a7739931ee638a6c67dfb59aa806f8daa9e441ee0f1998a1d77
- SSDEEP
  
  3072:AU0nk+hQdiP8OZAksTCPkix7Fe7dEN8EXgNqf5cTrWi6ei2uiTbtTmH8Fe90p06h:70WiPQbYJFsE0NMCP6wJYj8t/xh
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence