70aef822cc418a6c6706de4bcbdf4bfdf91794f7c03ed3cbe70ad576b51b849c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70aef822cc418a6c6706de4bcbdf4bfdf91794f7c03ed3cbe70ad576b51b849c
Size

140KB
Sample

221127-vz8vcsab2v
MD5

a92694cfb3688d8107380f34657dd516
SHA1

29ca9bf0e72178fb3ea207bf9db6898d79b1d8d5
SHA256

70aef822cc418a6c6706de4bcbdf4bfdf91794f7c03ed3cbe70ad576b51b849c
SHA512

93b066adb880db0e95e39a69214471558d30e0b74ecddd63325c3072df904f72f08ec55d9414c037167f085bc89606b43f9b9db989759b1fede7ed9edc3f7bc2
SSDEEP

768:zHwIfhyt4pd04q0zik+vhy7g0EM/LinbQuo2/:rTeEn3+pCg0EUGQux

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  70aef822cc418a6c6706de4bcbdf4bfdf91794f7c03ed3cbe70ad576b51b849c
- Size
  
  140KB
- MD5
  
  a92694cfb3688d8107380f34657dd516
- SHA1
  
  29ca9bf0e72178fb3ea207bf9db6898d79b1d8d5
- SHA256
  
  70aef822cc418a6c6706de4bcbdf4bfdf91794f7c03ed3cbe70ad576b51b849c
- SHA512
  
  93b066adb880db0e95e39a69214471558d30e0b74ecddd63325c3072df904f72f08ec55d9414c037167f085bc89606b43f9b9db989759b1fede7ed9edc3f7bc2
- SSDEEP
  
  768:zHwIfhyt4pd04q0zik+vhy7g0EM/LinbQuo2/:rTeEn3+pCg0EUGQux
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence