c70fd94e147a874376ce845cda4d6d749749534ab50a241acc10c3ab475f7c11 | Triage

Sharing

General

Target

c70fd94e147a874376ce845cda4d6d749749534ab50a241acc10c3ab475f7c11
Size

180KB
Sample

221129-t2seqahh5x
MD5

718161a1a99adb2ce1be6c777fc89a15
SHA1

321bc460ccf06832d901b38b7bec96e09f19eb33
SHA256

c70fd94e147a874376ce845cda4d6d749749534ab50a241acc10c3ab475f7c11
SHA512

ef86494cfc37cc83413f6cbedccf42cf73611b9428a2fdd61bdbe2ac20055ddf24e2e661ba986d72210a31490949cac981d26980768398ba62ddf2ba6fa1930c
SSDEEP

3072:xPqSC+y50cm1tnRd5GK/fObT/bGinhssp9nPVmvEfL2co3ZwURmkPiR/+5kS3h:1qSC+Lcm1Dd0K/fObT/bGihssp1VmvE4

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c70fd94e147a874376ce845cda4d6d749749534ab50a241acc10c3ab475f7c11
- Size
  
  180KB
- MD5
  
  718161a1a99adb2ce1be6c777fc89a15
- SHA1
  
  321bc460ccf06832d901b38b7bec96e09f19eb33
- SHA256
  
  c70fd94e147a874376ce845cda4d6d749749534ab50a241acc10c3ab475f7c11
- SHA512
  
  ef86494cfc37cc83413f6cbedccf42cf73611b9428a2fdd61bdbe2ac20055ddf24e2e661ba986d72210a31490949cac981d26980768398ba62ddf2ba6fa1930c
- SSDEEP
  
  3072:xPqSC+y50cm1tnRd5GK/fObT/bGinhssp9nPVmvEfL2co3ZwURmkPiR/+5kS3h:1qSC+Lcm1Dd0K/fObT/bGihssp1VmvE4
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence