bcf594867fdf3ab17f1d886a4a21c7b3bafdd1d758bfbc8ca9a32ec8a8f4bc9a | Triage

Sharing

General

Target

bcf594867fdf3ab17f1d886a4a21c7b3bafdd1d758bfbc8ca9a32ec8a8f4bc9a
Size

420KB
Sample

221129-vpjgqahb88
MD5

7a454fa985be19c741a02d72a85d4dab
SHA1

352b5be5f93702b8f7f93a9672c4636e3a1137bc
SHA256

bcf594867fdf3ab17f1d886a4a21c7b3bafdd1d758bfbc8ca9a32ec8a8f4bc9a
SHA512

cab77cbeb9ddd5b1fdedc4174564aaf606f8e36b61f6295bede4589cc319e819643cff37054b1e9b4ec0b78e831f6073ffd980b93ae246eca8d6b3debc8857bf
SSDEEP

6144:HwW8jqFk7qFoQudlhiP5+6yCtfGiIpZFGd:Hfb2QudeYrfFo

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  bcf594867fdf3ab17f1d886a4a21c7b3bafdd1d758bfbc8ca9a32ec8a8f4bc9a
- Size
  
  420KB
- MD5
  
  7a454fa985be19c741a02d72a85d4dab
- SHA1
  
  352b5be5f93702b8f7f93a9672c4636e3a1137bc
- SHA256
  
  bcf594867fdf3ab17f1d886a4a21c7b3bafdd1d758bfbc8ca9a32ec8a8f4bc9a
- SHA512
  
  cab77cbeb9ddd5b1fdedc4174564aaf606f8e36b61f6295bede4589cc319e819643cff37054b1e9b4ec0b78e831f6073ffd980b93ae246eca8d6b3debc8857bf
- SSDEEP
  
  6144:HwW8jqFk7qFoQudlhiP5+6yCtfGiIpZFGd:Hfb2QudeYrfFo
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence