a4a28a18325c321ff9b3808509453b2f158e6a72a0ea9c83f7d4db851b3e4043 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4a28a18325c321ff9b3808509453b2f158e6a72a0ea9c83f7d4db851b3e4043
Size

204KB
Sample

221129-t5dqqsfc84
MD5

10460d08373a59ae1c163a628f12978a
SHA1

28a85e05ea1996538bba1afb4708a4e03341df26
SHA256

a4a28a18325c321ff9b3808509453b2f158e6a72a0ea9c83f7d4db851b3e4043
SHA512

8c23de9f288a5be28b9733f66cf7fb19474d8f3e1af71e6c1d77c38b7d067f5e6ba6b7eefe11b09805fd25fb288e0925ab298761853b45fe1b164e251aeb06b4
SSDEEP

3072:UAWLd32FYGYfJJiojqOayjUrrU2f7HbEH1/rKvo3moy:U/hJiojquErTf7Hoco3Q

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a4a28a18325c321ff9b3808509453b2f158e6a72a0ea9c83f7d4db851b3e4043
- Size
  
  204KB
- MD5
  
  10460d08373a59ae1c163a628f12978a
- SHA1
  
  28a85e05ea1996538bba1afb4708a4e03341df26
- SHA256
  
  a4a28a18325c321ff9b3808509453b2f158e6a72a0ea9c83f7d4db851b3e4043
- SHA512
  
  8c23de9f288a5be28b9733f66cf7fb19474d8f3e1af71e6c1d77c38b7d067f5e6ba6b7eefe11b09805fd25fb288e0925ab298761853b45fe1b164e251aeb06b4
- SSDEEP
  
  3072:UAWLd32FYGYfJJiojqOayjUrrU2f7HbEH1/rKvo3moy:U/hJiojquErTf7Hoco3Q
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence