c391a1138c6fb7e7f249e08a49759eed7505dee9ca7469827e14bae01adb0f99 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c391a1138c6fb7e7f249e08a49759eed7505dee9ca7469827e14bae01adb0f99
Size

204KB
Sample

221129-vmsmlsha47
MD5

936f5159177283eae45476f127919f57
SHA1

cdb9aecfbd0f65d6ace73d27f7d64e24b6c8a987
SHA256

c391a1138c6fb7e7f249e08a49759eed7505dee9ca7469827e14bae01adb0f99
SHA512

911481b30ada46443f137df454ba3419654d9d3786e796ee41901eda36fd4c107664f403dd43e959c8d1cc9bea9f8a5e89648f1f248fc9f2e83ac6eb91aa7a3b
SSDEEP

3072:CmMW8UX0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWSr:tB74QxL7B9W0c1RCzR/fSmlr

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c391a1138c6fb7e7f249e08a49759eed7505dee9ca7469827e14bae01adb0f99
- Size
  
  204KB
- MD5
  
  936f5159177283eae45476f127919f57
- SHA1
  
  cdb9aecfbd0f65d6ace73d27f7d64e24b6c8a987
- SHA256
  
  c391a1138c6fb7e7f249e08a49759eed7505dee9ca7469827e14bae01adb0f99
- SHA512
  
  911481b30ada46443f137df454ba3419654d9d3786e796ee41901eda36fd4c107664f403dd43e959c8d1cc9bea9f8a5e89648f1f248fc9f2e83ac6eb91aa7a3b
- SSDEEP
  
  3072:CmMW8UX0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWSr:tB74QxL7B9W0c1RCzR/fSmlr
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence