09a8354aa390f350e2992d12a73554706645df7843ed1f03880a798555b8abc2 | Triage

Sharing

General

Target

09a8354aa390f350e2992d12a73554706645df7843ed1f03880a798555b8abc2
Size

248KB
Sample

221127-xg52vsee6v
MD5

f9fcad313857098d303a6ce77a8fcc63
SHA1

0d2337408f358d275c7145211b3a37e374806efb
SHA256

09a8354aa390f350e2992d12a73554706645df7843ed1f03880a798555b8abc2
SHA512

890f5221b8a12336fd141e81412a5082a33aec9bb94b5a78a654bf93c2601d00cab7a64dba9feae19299cfb960154df1b778c5cf4ed23cfa1848692582d24e5a
SSDEEP

6144:pHM5CElofkFWQPtnRneqAKnvmb7/D269fgwMty0e6ndv0Dj:ps5CLkFfnRnWKnvmb7/D26qndv0Dj

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  09a8354aa390f350e2992d12a73554706645df7843ed1f03880a798555b8abc2
- Size
  
  248KB
- MD5
  
  f9fcad313857098d303a6ce77a8fcc63
- SHA1
  
  0d2337408f358d275c7145211b3a37e374806efb
- SHA256
  
  09a8354aa390f350e2992d12a73554706645df7843ed1f03880a798555b8abc2
- SHA512
  
  890f5221b8a12336fd141e81412a5082a33aec9bb94b5a78a654bf93c2601d00cab7a64dba9feae19299cfb960154df1b778c5cf4ed23cfa1848692582d24e5a
- SSDEEP
  
  6144:pHM5CElofkFWQPtnRneqAKnvmb7/D269fgwMty0e6ndv0Dj:ps5CLkFfnRnWKnvmb7/D26qndv0Dj
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence