bdf2b21b23ec2e6ff5c49580d89b309979628c8ea101ccd8d943ab1e2f62dd6c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bdf2b21b23ec2e6ff5c49580d89b309979628c8ea101ccd8d943ab1e2f62dd6c
Size

248KB
Sample

221201-2qapjacg3t
MD5

9f0793fe609e68775672a1832113e365
SHA1

946449d306c8eb910a483a825d659f21d12ca902
SHA256

bdf2b21b23ec2e6ff5c49580d89b309979628c8ea101ccd8d943ab1e2f62dd6c
SHA512

21ac7e301ad94322666987e15ff66d0856b9c2be214afd7c25e9445553c6146c046c850f9b4688a6948ad7c2071973a6f7fb369269be4a770fd8aefa7dd4e623
SSDEEP

3072:Um38lijxjXhI8hPNOkTJeJ7JwJHJ6JkBTrwGXfXkaA3tq14x6RgP+x+Tidc2YffS:NgiJhNNop2pYOLzulRBgF

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  bdf2b21b23ec2e6ff5c49580d89b309979628c8ea101ccd8d943ab1e2f62dd6c
- Size
  
  248KB
- MD5
  
  9f0793fe609e68775672a1832113e365
- SHA1
  
  946449d306c8eb910a483a825d659f21d12ca902
- SHA256
  
  bdf2b21b23ec2e6ff5c49580d89b309979628c8ea101ccd8d943ab1e2f62dd6c
- SHA512
  
  21ac7e301ad94322666987e15ff66d0856b9c2be214afd7c25e9445553c6146c046c850f9b4688a6948ad7c2071973a6f7fb369269be4a770fd8aefa7dd4e623
- SSDEEP
  
  3072:Um38lijxjXhI8hPNOkTJeJ7JwJHJ6JkBTrwGXfXkaA3tq14x6RgP+x+Tidc2YffS:NgiJhNNop2pYOLzulRBgF
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence