9788dcad1f22cda271e54eb00f8c70bc4afbc457eb924028e61b34959b32b55f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9788dcad1f22cda271e54eb00f8c70bc4afbc457eb924028e61b34959b32b55f
Size

420KB
Sample

221128-b3gqhaad9t
MD5

0c8fda81008050eb10df1048939fc652
SHA1

91a753c2bafbf2750f06fcdefc76bf31b765f07b
SHA256

9788dcad1f22cda271e54eb00f8c70bc4afbc457eb924028e61b34959b32b55f
SHA512

d9d5286d75010dffbcd77cbe1904f8f8d2de20338323288d3f8c8a80a0f7ef8d54d74705c7427f306735180c7888d3ffb06437ba6e76303b3499fc8cf0d8360d
SSDEEP

6144:gwW6jqFk7qFoQudlhiP5+6yCtfGiIAZFG:gfl2QudeYr0F

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9788dcad1f22cda271e54eb00f8c70bc4afbc457eb924028e61b34959b32b55f
- Size
  
  420KB
- MD5
  
  0c8fda81008050eb10df1048939fc652
- SHA1
  
  91a753c2bafbf2750f06fcdefc76bf31b765f07b
- SHA256
  
  9788dcad1f22cda271e54eb00f8c70bc4afbc457eb924028e61b34959b32b55f
- SHA512
  
  d9d5286d75010dffbcd77cbe1904f8f8d2de20338323288d3f8c8a80a0f7ef8d54d74705c7427f306735180c7888d3ffb06437ba6e76303b3499fc8cf0d8360d
- SSDEEP
  
  6144:gwW6jqFk7qFoQudlhiP5+6yCtfGiIAZFG:gfl2QudeYr0F
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence