8951bcdc72c54d1d49428487c2c2ad7a6c785c3772c83f096ef35696e8bc9363 | Triage

Sharing

General

Target

8951bcdc72c54d1d49428487c2c2ad7a6c785c3772c83f096ef35696e8bc9363
Size

224KB
Sample

221129-v3zqvsae62
MD5

d31c81db17f8fc1309c7528925ec93db
SHA1

3a55ffcea1bd5a6f59e6c6f90a0f6c9a7d62a1a9
SHA256

8951bcdc72c54d1d49428487c2c2ad7a6c785c3772c83f096ef35696e8bc9363
SHA512

7d7980ce04f04c0db9aafd278a230a767292edeb211d74f4c22ab6af16b8147ea69366880d0a266df13b0e37cf9fb8f01bd25320f7d09b5f8d904b71e61d30c8
SSDEEP

3072:q788E5EEqiJAKMN9DAXamLKAcfbKyZwP02bVq3NZMf:qW54KMN9DtAcfbK/qT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8951bcdc72c54d1d49428487c2c2ad7a6c785c3772c83f096ef35696e8bc9363
- Size
  
  224KB
- MD5
  
  d31c81db17f8fc1309c7528925ec93db
- SHA1
  
  3a55ffcea1bd5a6f59e6c6f90a0f6c9a7d62a1a9
- SHA256
  
  8951bcdc72c54d1d49428487c2c2ad7a6c785c3772c83f096ef35696e8bc9363
- SHA512
  
  7d7980ce04f04c0db9aafd278a230a767292edeb211d74f4c22ab6af16b8147ea69366880d0a266df13b0e37cf9fb8f01bd25320f7d09b5f8d904b71e61d30c8
- SSDEEP
  
  3072:q788E5EEqiJAKMN9DAXamLKAcfbKyZwP02bVq3NZMf:qW54KMN9DtAcfbK/qT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence