bc8b419793b3ccc0ef565ba7e0b5e95724a9590cc1578f351b9439d39e72116a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc8b419793b3ccc0ef565ba7e0b5e95724a9590cc1578f351b9439d39e72116a
Size

252KB
Sample

221129-dldcvsde31
MD5

6127dd2c32d06962240c1d69ca0c09ad
SHA1

b963586df5096f0af20c306aca0267b544ccced2
SHA256

bc8b419793b3ccc0ef565ba7e0b5e95724a9590cc1578f351b9439d39e72116a
SHA512

688236c9c03d1df31c3bd4bf2e5e5b54ea76d634af0812c26022e676bb352b5c00a7d7ecfce6a95ed02a81741ac339ebb4d54bc4a8129cf8636251f9036697e1
SSDEEP

3072:1rAckx7LaXsWvZ0OgRqTAJcLGGO/xuiEyJeOOeGs5oxnkNzQKWx0:1rLFx/ZLA4PmG6d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  bc8b419793b3ccc0ef565ba7e0b5e95724a9590cc1578f351b9439d39e72116a
- Size
  
  252KB
- MD5
  
  6127dd2c32d06962240c1d69ca0c09ad
- SHA1
  
  b963586df5096f0af20c306aca0267b544ccced2
- SHA256
  
  bc8b419793b3ccc0ef565ba7e0b5e95724a9590cc1578f351b9439d39e72116a
- SHA512
  
  688236c9c03d1df31c3bd4bf2e5e5b54ea76d634af0812c26022e676bb352b5c00a7d7ecfce6a95ed02a81741ac339ebb4d54bc4a8129cf8636251f9036697e1
- SSDEEP
  
  3072:1rAckx7LaXsWvZ0OgRqTAJcLGGO/xuiEyJeOOeGs5oxnkNzQKWx0:1rLFx/ZLA4PmG6d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence