9892501b01db7b40c94e28c1eca546a6290fffb09a22b0a6d992e10cdac28d0f | Triage

Sharing

General

Target

9892501b01db7b40c94e28c1eca546a6290fffb09a22b0a6d992e10cdac28d0f
Size

232KB
Sample

221129-vzc3paab57
MD5

3dc938498235b44004d95fd43bb3eaa0
SHA1

aa1e0728eb0c302b1d9acdf55dd86ceec36876a9
SHA256

9892501b01db7b40c94e28c1eca546a6290fffb09a22b0a6d992e10cdac28d0f
SHA512

c9cf2d40cff41dca72d55856941ae6704c26b298675873ea8f69124a259069565948cf7313915e0154d1f01098f03884e446f40f3177755b294e3eae41ec3ecb
SSDEEP

3072:HgXVlhx5v2gwwvyMZe+EVv64QWCyiHCqV/s0Qj:+fwayMwhVv6vWCyiHCqV/s0w

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9892501b01db7b40c94e28c1eca546a6290fffb09a22b0a6d992e10cdac28d0f
- Size
  
  232KB
- MD5
  
  3dc938498235b44004d95fd43bb3eaa0
- SHA1
  
  aa1e0728eb0c302b1d9acdf55dd86ceec36876a9
- SHA256
  
  9892501b01db7b40c94e28c1eca546a6290fffb09a22b0a6d992e10cdac28d0f
- SHA512
  
  c9cf2d40cff41dca72d55856941ae6704c26b298675873ea8f69124a259069565948cf7313915e0154d1f01098f03884e446f40f3177755b294e3eae41ec3ecb
- SSDEEP
  
  3072:HgXVlhx5v2gwwvyMZe+EVv64QWCyiHCqV/s0Qj:+fwayMwhVv6vWCyiHCqV/s0w
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence