bac255816d4a2726d46e6c1224ef08b0f580d9316f740021f771b0139c79b190 | Triage

Sharing

General

Target

bac255816d4a2726d46e6c1224ef08b0f580d9316f740021f771b0139c79b190
Size

204KB
Sample

221129-vp3klahc46
MD5

3bab50ebfd96810e7ac768180b0833ad
SHA1

713fd45d0da93609b628d8e6aa167efafe56220e
SHA256

bac255816d4a2726d46e6c1224ef08b0f580d9316f740021f771b0139c79b190
SHA512

c968295cddccb9accdd4ee8d343508652bf756f66bd1f79335f76675a1ec0178b455ee0b6870d9087bb016257e58e434322b8ac7d991dc400e8fe22f51db4707
SSDEEP

3072:4myW8I0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWV4f:Dn34QxL7B9W0c1RCzR/fSmlug

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  bac255816d4a2726d46e6c1224ef08b0f580d9316f740021f771b0139c79b190
- Size
  
  204KB
- MD5
  
  3bab50ebfd96810e7ac768180b0833ad
- SHA1
  
  713fd45d0da93609b628d8e6aa167efafe56220e
- SHA256
  
  bac255816d4a2726d46e6c1224ef08b0f580d9316f740021f771b0139c79b190
- SHA512
  
  c968295cddccb9accdd4ee8d343508652bf756f66bd1f79335f76675a1ec0178b455ee0b6870d9087bb016257e58e434322b8ac7d991dc400e8fe22f51db4707
- SSDEEP
  
  3072:4myW8I0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWV4f:Dn34QxL7B9W0c1RCzR/fSmlug
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence