cba1c4ad11d46e8a54e7ef3a412a0b983f45f30c7907cd2edb8dacfa00a7975a | Triage

Sharing

General

Target

cba1c4ad11d46e8a54e7ef3a412a0b983f45f30c7907cd2edb8dacfa00a7975a
Size

108KB
Sample

221129-vkemzagg39
MD5

af043140a3fea6487413027b04c8f1f8
SHA1

c83ef91ccf8a33018f151d44924617eb9c4e876c
SHA256

cba1c4ad11d46e8a54e7ef3a412a0b983f45f30c7907cd2edb8dacfa00a7975a
SHA512

4df3d452a9aea20024498cae09ade2938e1de7d91d20d3358f6a04df48f77b34d12653525c8cc742d901ddf6bdf863060b0085b1721b8ca570ed56348d344afd
SSDEEP

1536:M6CZKiB6oQ7Lh5+sXmNt0ttJPXLq0zTrkC:7ImoIeZt0XTzToC

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  cba1c4ad11d46e8a54e7ef3a412a0b983f45f30c7907cd2edb8dacfa00a7975a
- Size
  
  108KB
- MD5
  
  af043140a3fea6487413027b04c8f1f8
- SHA1
  
  c83ef91ccf8a33018f151d44924617eb9c4e876c
- SHA256
  
  cba1c4ad11d46e8a54e7ef3a412a0b983f45f30c7907cd2edb8dacfa00a7975a
- SHA512
  
  4df3d452a9aea20024498cae09ade2938e1de7d91d20d3358f6a04df48f77b34d12653525c8cc742d901ddf6bdf863060b0085b1721b8ca570ed56348d344afd
- SSDEEP
  
  1536:M6CZKiB6oQ7Lh5+sXmNt0ttJPXLq0zTrkC:7ImoIeZt0XTzToC
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence