a9e4874879689e06c42d9da5c4c266bf9ed088219cbc3da29208dc9d01160f65 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9e4874879689e06c42d9da5c4c266bf9ed088219cbc3da29208dc9d01160f65
Size

192KB
Sample

221129-vvr12sce9v
MD5

854da764badd23454c595f38834e0a27
SHA1

20d66555b769a961555b0bd195a38e78f274ab66
SHA256

a9e4874879689e06c42d9da5c4c266bf9ed088219cbc3da29208dc9d01160f65
SHA512

a3c0b895dcc433262eb06431dc99bf93b6c964d8139a1511c07b061f25eda4b97005f7758c4e3e5576f264923a96d5647d6c10a2c61662f9e4f8ea474d86461b
SSDEEP

1536:hmHABQruHlTCsPRi4iti93MH9iV6MRfWzzp3BHReQbIYL2XoPLJB514R9/dJqi/7:k2QraTTRi4itiSHXzp3uYTPLJOhD

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a9e4874879689e06c42d9da5c4c266bf9ed088219cbc3da29208dc9d01160f65
- Size
  
  192KB
- MD5
  
  854da764badd23454c595f38834e0a27
- SHA1
  
  20d66555b769a961555b0bd195a38e78f274ab66
- SHA256
  
  a9e4874879689e06c42d9da5c4c266bf9ed088219cbc3da29208dc9d01160f65
- SHA512
  
  a3c0b895dcc433262eb06431dc99bf93b6c964d8139a1511c07b061f25eda4b97005f7758c4e3e5576f264923a96d5647d6c10a2c61662f9e4f8ea474d86461b
- SSDEEP
  
  1536:hmHABQruHlTCsPRi4iti93MH9iV6MRfWzzp3BHReQbIYL2XoPLJB514R9/dJqi/7:k2QraTTRi4itiSHXzp3uYTPLJOhD
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence