828ca533be77a1ab29bc0412aff059cbadfbb5f28f67ced5e1211c1b6d471467 | Triage

Sharing

General

Target

828ca533be77a1ab29bc0412aff059cbadfbb5f28f67ced5e1211c1b6d471467
Size

100KB
Sample

221129-sdmznadc9v
MD5

33b9242331fa98f3bac4eae6fbf18020
SHA1

6e4e1e4dd90b7999a53f24a977b20758c0a4da73
SHA256

828ca533be77a1ab29bc0412aff059cbadfbb5f28f67ced5e1211c1b6d471467
SHA512

a3f755ca5d7a664304674e26451d7d9c9d7ed8519362528951da44eb746d419efdec5c400a81cb66ee5ee38827ae6b4a73fa00e9c703a354d73890437c27cba3
SSDEEP

1536:k2xtGG582NTzwytMGAc4ohrPXo+73Rez8b0SyuNIjnZq:nbNwyEurPX7CuCnY

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  828ca533be77a1ab29bc0412aff059cbadfbb5f28f67ced5e1211c1b6d471467
- Size
  
  100KB
- MD5
  
  33b9242331fa98f3bac4eae6fbf18020
- SHA1
  
  6e4e1e4dd90b7999a53f24a977b20758c0a4da73
- SHA256
  
  828ca533be77a1ab29bc0412aff059cbadfbb5f28f67ced5e1211c1b6d471467
- SHA512
  
  a3f755ca5d7a664304674e26451d7d9c9d7ed8519362528951da44eb746d419efdec5c400a81cb66ee5ee38827ae6b4a73fa00e9c703a354d73890437c27cba3
- SSDEEP
  
  1536:k2xtGG582NTzwytMGAc4ohrPXo+73Rez8b0SyuNIjnZq:nbNwyEurPX7CuCnY
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence