cd287c4a679242b8b6e1d3e364e62c96bd32563c252c4620b8d2ad2036e43890 | Triage

Sharing

General

Target

cd287c4a679242b8b6e1d3e364e62c96bd32563c252c4620b8d2ad2036e43890
Size

116KB
Sample

221127-ja6sxsdd6z
MD5

41d0fb835fb065e44a0dd66bd720462d
SHA1

466b4879565c90ef587bde27837a1bd3d415abfc
SHA256

cd287c4a679242b8b6e1d3e364e62c96bd32563c252c4620b8d2ad2036e43890
SHA512

e8d7b34f8c00b32d5ef356b8939278c620f7529462890b960d7f04f2e10b424801acad74dcf9ce8deb9addd00fdbca295fae31c9121e2184130ba7d2f037810c
SSDEEP

1536:kQpxoi++48Kw6KBOIW4Z8HO1Zwt0f4HeDUEdMOPy9sbgNWwo7JaSU:Vp++4fIr1ZNDUEdvwQG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  cd287c4a679242b8b6e1d3e364e62c96bd32563c252c4620b8d2ad2036e43890
- Size
  
  116KB
- MD5
  
  41d0fb835fb065e44a0dd66bd720462d
- SHA1
  
  466b4879565c90ef587bde27837a1bd3d415abfc
- SHA256
  
  cd287c4a679242b8b6e1d3e364e62c96bd32563c252c4620b8d2ad2036e43890
- SHA512
  
  e8d7b34f8c00b32d5ef356b8939278c620f7529462890b960d7f04f2e10b424801acad74dcf9ce8deb9addd00fdbca295fae31c9121e2184130ba7d2f037810c
- SSDEEP
  
  1536:kQpxoi++48Kw6KBOIW4Z8HO1Zwt0f4HeDUEdMOPy9sbgNWwo7JaSU:Vp++4fIr1ZNDUEdvwQG
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence