cd5f4d0f74215e11f5b77d675c54dd813a130da8ae73b85e0b289ff44e0ebd60 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cd5f4d0f74215e11f5b77d675c54dd813a130da8ae73b85e0b289ff44e0ebd60
Size

104KB
Sample

221201-2kagkscb8s
MD5

b9c2b945701f5c04c7c249203c51ee2c
SHA1

7d8849c6c1779e7693a8579157767a2a517634f8
SHA256

cd5f4d0f74215e11f5b77d675c54dd813a130da8ae73b85e0b289ff44e0ebd60
SHA512

c609dfbfe8131d7396152e6a3886a517a06c07cb6bab95b2259bf8340b86d6d8af4af6621ba1b4bb0617d4964e4a3ca5bdc260248473db0cceb64db76d072108
SSDEEP

1536:wMLRvx+uNMs+HBchhQKNIqpOcQv0sTEFSocwB+XjLlm:FHd+eiKNZJQv0sToB+3s

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  cd5f4d0f74215e11f5b77d675c54dd813a130da8ae73b85e0b289ff44e0ebd60
- Size
  
  104KB
- MD5
  
  b9c2b945701f5c04c7c249203c51ee2c
- SHA1
  
  7d8849c6c1779e7693a8579157767a2a517634f8
- SHA256
  
  cd5f4d0f74215e11f5b77d675c54dd813a130da8ae73b85e0b289ff44e0ebd60
- SHA512
  
  c609dfbfe8131d7396152e6a3886a517a06c07cb6bab95b2259bf8340b86d6d8af4af6621ba1b4bb0617d4964e4a3ca5bdc260248473db0cceb64db76d072108
- SSDEEP
  
  1536:wMLRvx+uNMs+HBchhQKNIqpOcQv0sTEFSocwB+XjLlm:FHd+eiKNZJQv0sToB+3s
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence