c156a1640742b4dff1b084e66c33fde8234a9eadd68e75a6c7f54b411af0ab19 | Triage

Sharing

General

Target

c156a1640742b4dff1b084e66c33fde8234a9eadd68e75a6c7f54b411af0ab19
Size

80KB
Sample

221129-dzf1xaee8y
MD5

c5acbe75fc88475610ade31fa594a71b
SHA1

664b8032ba52aa926ba8f01a32dcf50fc1079df6
SHA256

c156a1640742b4dff1b084e66c33fde8234a9eadd68e75a6c7f54b411af0ab19
SHA512

393be8ef508808d3738bc9a09ac531a1432b1078259b3d982bc4fe6ac4e1e6c720251b7da2a5059b64510309f8cabfe3aadf30baec9ea77889baa740bb450f12
SSDEEP

768:E4wqbVmf0fDUop1AShqG9jy1R2g7VnxPPB4qHfA5pcZdFveLuRQ1H2GBVI6Z:J4f8DRCST9XUZHfAUZ7yuRQ11VI6Z

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c156a1640742b4dff1b084e66c33fde8234a9eadd68e75a6c7f54b411af0ab19
- Size
  
  80KB
- MD5
  
  c5acbe75fc88475610ade31fa594a71b
- SHA1
  
  664b8032ba52aa926ba8f01a32dcf50fc1079df6
- SHA256
  
  c156a1640742b4dff1b084e66c33fde8234a9eadd68e75a6c7f54b411af0ab19
- SHA512
  
  393be8ef508808d3738bc9a09ac531a1432b1078259b3d982bc4fe6ac4e1e6c720251b7da2a5059b64510309f8cabfe3aadf30baec9ea77889baa740bb450f12
- SSDEEP
  
  768:E4wqbVmf0fDUop1AShqG9jy1R2g7VnxPPB4qHfA5pcZdFveLuRQ1H2GBVI6Z:J4f8DRCST9XUZHfAUZ7yuRQ11VI6Z
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence