d5867699ef8446d42faecc3b75eacc232287148f2f0f33f3b5ef37d71acedf8f | Triage

Sharing

General

Target

d5867699ef8446d42faecc3b75eacc232287148f2f0f33f3b5ef37d71acedf8f
Size

80KB
Sample

221201-2hctxsca3v
MD5

c13a226d71f4850a86798b7bc6ec1873
SHA1

8b8c607e9632f43b75d8a5c0b749aa5c9b08a556
SHA256

d5867699ef8446d42faecc3b75eacc232287148f2f0f33f3b5ef37d71acedf8f
SHA512

d5b6b6243e87da19e4e8bebd6220f4d08368bdc2957036ba345600da8867024e1ea6eb9af9eb0126d0f64ebced3ba20f11b2e9cb104c44d6abe814ee95cc3154
SSDEEP

1536:XIdqG6g7LWnICOqubrzocTzFJ0T72VpGT:e6dIVqgBTzFJ0T72aT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d5867699ef8446d42faecc3b75eacc232287148f2f0f33f3b5ef37d71acedf8f
- Size
  
  80KB
- MD5
  
  c13a226d71f4850a86798b7bc6ec1873
- SHA1
  
  8b8c607e9632f43b75d8a5c0b749aa5c9b08a556
- SHA256
  
  d5867699ef8446d42faecc3b75eacc232287148f2f0f33f3b5ef37d71acedf8f
- SHA512
  
  d5b6b6243e87da19e4e8bebd6220f4d08368bdc2957036ba345600da8867024e1ea6eb9af9eb0126d0f64ebced3ba20f11b2e9cb104c44d6abe814ee95cc3154
- SSDEEP
  
  1536:XIdqG6g7LWnICOqubrzocTzFJ0T72VpGT:e6dIVqgBTzFJ0T72aT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence