c04a2b4326fb00c59056100a6fd47b84ca026e4a7cd737a517183b959e27999a | Triage

Sharing

General

Target

c04a2b4326fb00c59056100a6fd47b84ca026e4a7cd737a517183b959e27999a
Size

308KB
Sample

221129-dw9h2sed3w
MD5

0f53a0fd64fb5846e9fb7a4d46351f44
SHA1

5b1338e737a5eafeadfdad442b34ebb9ec4a6c14
SHA256

c04a2b4326fb00c59056100a6fd47b84ca026e4a7cd737a517183b959e27999a
SHA512

2799edafd745316be2f079ad749533f3f4b4fa2e2d83fcb7603cff1048237a56e5705f6b6d22f4612cad273b8c57d1cc7f8a51eeda3d55c3e0f35a818fd96da1
SSDEEP

6144:1i0EDc6DTmfihzwoLApr8E8bHTTlK+effWfmqkE0d3:1RT6nfi8bHTCffWuCo

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c04a2b4326fb00c59056100a6fd47b84ca026e4a7cd737a517183b959e27999a
- Size
  
  308KB
- MD5
  
  0f53a0fd64fb5846e9fb7a4d46351f44
- SHA1
  
  5b1338e737a5eafeadfdad442b34ebb9ec4a6c14
- SHA256
  
  c04a2b4326fb00c59056100a6fd47b84ca026e4a7cd737a517183b959e27999a
- SHA512
  
  2799edafd745316be2f079ad749533f3f4b4fa2e2d83fcb7603cff1048237a56e5705f6b6d22f4612cad273b8c57d1cc7f8a51eeda3d55c3e0f35a818fd96da1
- SSDEEP
  
  6144:1i0EDc6DTmfihzwoLApr8E8bHTTlK+effWfmqkE0d3:1RT6nfi8bHTCffWuCo
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence