b4c39704e03eec805fd9c7b66bbc1f9ea1bfb0c18fe403879430558fe2dd6ded | Triage

Sharing

General

Target

b4c39704e03eec805fd9c7b66bbc1f9ea1bfb0c18fe403879430558fe2dd6ded
Size

132KB
Sample

221127-xkc59aeg4s
MD5

22bb6773516a2ad2fef8db0874990f3b
SHA1

d12b27396198b446ddbaab273593acdca15ff63f
SHA256

b4c39704e03eec805fd9c7b66bbc1f9ea1bfb0c18fe403879430558fe2dd6ded
SHA512

af7fb54153d2b7a3abac12cda6e70a88b211492d62cadd88f61749dbd6d4fb87aee19050a3a554bbb4aa55a0e21cc69605b4aa2a46767c1835d7d93b2636fb1b
SSDEEP

1536:cwWxwgYu9+7gWbrimfWSeJFzkRcTwdE1dIumgDL0FfxTGypitFdY:cwoT8gWi2eJFzkRswZumgDLOffitXY

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b4c39704e03eec805fd9c7b66bbc1f9ea1bfb0c18fe403879430558fe2dd6ded
- Size
  
  132KB
- MD5
  
  22bb6773516a2ad2fef8db0874990f3b
- SHA1
  
  d12b27396198b446ddbaab273593acdca15ff63f
- SHA256
  
  b4c39704e03eec805fd9c7b66bbc1f9ea1bfb0c18fe403879430558fe2dd6ded
- SHA512
  
  af7fb54153d2b7a3abac12cda6e70a88b211492d62cadd88f61749dbd6d4fb87aee19050a3a554bbb4aa55a0e21cc69605b4aa2a46767c1835d7d93b2636fb1b
- SSDEEP
  
  1536:cwWxwgYu9+7gWbrimfWSeJFzkRcTwdE1dIumgDL0FfxTGypitFdY:cwoT8gWi2eJFzkRswZumgDLOffitXY
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence