8d4d1d88dd1e24473d3f8ca03c59e1e738e045988cded3532feff6be291c2d08 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d4d1d88dd1e24473d3f8ca03c59e1e738e045988cded3532feff6be291c2d08
Size

124KB
Sample

221129-qrkeksff7s
MD5

11b440f296d968702c09c343854b31c8
SHA1

194e94cd7bc8e40517bfa310850631aed0bfb54b
SHA256

8d4d1d88dd1e24473d3f8ca03c59e1e738e045988cded3532feff6be291c2d08
SHA512

788d262fbfe5a6839e0ecdd6b7d1d2ff561b038587b648a11841e25a6481192760409513c7e8602935b037834e58b36d4e411b92528eca6573e95975f11926ff
SSDEEP

1536:PKEc7hwRuuBxeDtMYHa27J14ltxporZ45iMNeG0h/y:iEc7hwRukeV6gJ1uCt45eq

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8d4d1d88dd1e24473d3f8ca03c59e1e738e045988cded3532feff6be291c2d08
- Size
  
  124KB
- MD5
  
  11b440f296d968702c09c343854b31c8
- SHA1
  
  194e94cd7bc8e40517bfa310850631aed0bfb54b
- SHA256
  
  8d4d1d88dd1e24473d3f8ca03c59e1e738e045988cded3532feff6be291c2d08
- SHA512
  
  788d262fbfe5a6839e0ecdd6b7d1d2ff561b038587b648a11841e25a6481192760409513c7e8602935b037834e58b36d4e411b92528eca6573e95975f11926ff
- SSDEEP
  
  1536:PKEc7hwRuuBxeDtMYHa27J14ltxporZ45iMNeG0h/y:iEc7hwRukeV6gJ1uCt45eq
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence