c8287d313aa69a4fe7667a19c1fe4c4ef9ccfc4c4e148d8912fb716408803c40 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8287d313aa69a4fe7667a19c1fe4c4ef9ccfc4c4e148d8912fb716408803c40
Size

252KB
Sample

221129-dlcrbsde3z
MD5

0ac509b07075071362f199dc64d012b3
SHA1

7a06dc957353ff3db3a24b2e9215b0fc55535302
SHA256

c8287d313aa69a4fe7667a19c1fe4c4ef9ccfc4c4e148d8912fb716408803c40
SHA512

017d67d80b8aa79cbcb4c83705d65d16db29eaee8e1f0c097fdf2064536df418fb241f4bb20cbeb144fb63c3dfe5d75652ac445d2ac954e2db4eef9c855da5f2
SSDEEP

3072:VrAc/x7La2sWvZ0OgRqTAJcLGGO/xuiEyJeOOeGs5oxnkNzQKtjWW:VrlFx/ZLA4PmG6d7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c8287d313aa69a4fe7667a19c1fe4c4ef9ccfc4c4e148d8912fb716408803c40
- Size
  
  252KB
- MD5
  
  0ac509b07075071362f199dc64d012b3
- SHA1
  
  7a06dc957353ff3db3a24b2e9215b0fc55535302
- SHA256
  
  c8287d313aa69a4fe7667a19c1fe4c4ef9ccfc4c4e148d8912fb716408803c40
- SHA512
  
  017d67d80b8aa79cbcb4c83705d65d16db29eaee8e1f0c097fdf2064536df418fb241f4bb20cbeb144fb63c3dfe5d75652ac445d2ac954e2db4eef9c855da5f2
- SSDEEP
  
  3072:VrAc/x7La2sWvZ0OgRqTAJcLGGO/xuiEyJeOOeGs5oxnkNzQKtjWW:VrlFx/ZLA4PmG6d7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence