c3ff0c14844495c91b62701dd1ee86f72c6c569cb2c5150a8292e1d832b84a03 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c3ff0c14844495c91b62701dd1ee86f72c6c569cb2c5150a8292e1d832b84a03
Size

180KB
Sample

221201-2m5qhahd23
MD5

b1a758340b035f760773fc6762af3751
SHA1

283f08331c7505d95eb26f9a3cb6b7d8856fb8ba
SHA256

c3ff0c14844495c91b62701dd1ee86f72c6c569cb2c5150a8292e1d832b84a03
SHA512

0c4b0665185084663ab8ba5df9c22dc577f4ea04ff9e274449c3b9d47e758cb09dda4f1372b777f659a626a6b211fbfdaf6213fc929f3e2af7f19fdc4d5ce23c
SSDEEP

1536:Z7aZw99C4YUUTq2Q/hZx7vkrkx/xBEWs3D/:Mmcrkx/xHs3D

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c3ff0c14844495c91b62701dd1ee86f72c6c569cb2c5150a8292e1d832b84a03
- Size
  
  180KB
- MD5
  
  b1a758340b035f760773fc6762af3751
- SHA1
  
  283f08331c7505d95eb26f9a3cb6b7d8856fb8ba
- SHA256
  
  c3ff0c14844495c91b62701dd1ee86f72c6c569cb2c5150a8292e1d832b84a03
- SHA512
  
  0c4b0665185084663ab8ba5df9c22dc577f4ea04ff9e274449c3b9d47e758cb09dda4f1372b777f659a626a6b211fbfdaf6213fc929f3e2af7f19fdc4d5ce23c
- SSDEEP
  
  1536:Z7aZw99C4YUUTq2Q/hZx7vkrkx/xBEWs3D/:Mmcrkx/xHs3D
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence