1afe26afd319f8d46a0f303f87dd4692b529a3967b906b189ac433163ffb055e | Triage

Sharing

General

Target

1afe26afd319f8d46a0f303f87dd4692b529a3967b906b189ac433163ffb055e
Size

192KB
Sample

221129-sw191acb38
MD5

3a4108e487e2270e6b86b4507e492a20
SHA1

2c1fa3a5e1d39513ee5b2d39910dfcbe5e0bf902
SHA256

1afe26afd319f8d46a0f303f87dd4692b529a3967b906b189ac433163ffb055e
SHA512

9a0e1d6b19387b573c86e03053f6bb63a886b23ec3ae77565d087245c36609a58a0642371649cece83573f0784c8d620eb2c74efdf78b561aa0e864c39ae62c8
SSDEEP

3072:wu8+pADOBrpM3lt0bqO4deKIpS2Q9tC3UwtxaTSGzGXDzp8D8OJbhaDLe3o23:EOBr63cbqO40K394aTSGzGZ8ogfYe

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1afe26afd319f8d46a0f303f87dd4692b529a3967b906b189ac433163ffb055e
- Size
  
  192KB
- MD5
  
  3a4108e487e2270e6b86b4507e492a20
- SHA1
  
  2c1fa3a5e1d39513ee5b2d39910dfcbe5e0bf902
- SHA256
  
  1afe26afd319f8d46a0f303f87dd4692b529a3967b906b189ac433163ffb055e
- SHA512
  
  9a0e1d6b19387b573c86e03053f6bb63a886b23ec3ae77565d087245c36609a58a0642371649cece83573f0784c8d620eb2c74efdf78b561aa0e864c39ae62c8
- SSDEEP
  
  3072:wu8+pADOBrpM3lt0bqO4deKIpS2Q9tC3UwtxaTSGzGXDzp8D8OJbhaDLe3o23:EOBr63cbqO40K394aTSGzGZ8ogfYe
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence