d3680ce3614943bccbb14a95084ac67bcd274a8baae7dedc3d0aef045cec59b4 | Triage

Sharing

General

Target

d3680ce3614943bccbb14a95084ac67bcd274a8baae7dedc3d0aef045cec59b4
Size

432KB
Sample

221127-bt91paad33
MD5

b4fc3739d4a1d4ed2729ff9c50b5ad16
SHA1

eca039c37693c947dd712ec73eca46e6ae8d5693
SHA256

d3680ce3614943bccbb14a95084ac67bcd274a8baae7dedc3d0aef045cec59b4
SHA512

1169e664d2033f2fa50acad3bf0bfb30d8362292de0562f068fe921001bdf010aac9c7cd5462edbd5590085f043b9ddb6a65850594ae4c5d5d734d36190c290f
SSDEEP

3072:KylGSGtGSGOGOGlGln+Vk8m8ClX0kUb+16H6b5p8I0yH/JN8HOWShM+L7aL7b:KgbELf/MS8cWdi5pV/JNWOVhMr

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d3680ce3614943bccbb14a95084ac67bcd274a8baae7dedc3d0aef045cec59b4
- Size
  
  432KB
- MD5
  
  b4fc3739d4a1d4ed2729ff9c50b5ad16
- SHA1
  
  eca039c37693c947dd712ec73eca46e6ae8d5693
- SHA256
  
  d3680ce3614943bccbb14a95084ac67bcd274a8baae7dedc3d0aef045cec59b4
- SHA512
  
  1169e664d2033f2fa50acad3bf0bfb30d8362292de0562f068fe921001bdf010aac9c7cd5462edbd5590085f043b9ddb6a65850594ae4c5d5d734d36190c290f
- SSDEEP
  
  3072:KylGSGtGSGOGOGlGln+Vk8m8ClX0kUb+16H6b5p8I0yH/JN8HOWShM+L7aL7b:KgbELf/MS8cWdi5pV/JNWOVhMr
Score

10^/10

evasion persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence