b275f95d51cdb16a7e9c52f933221fd978c76f657b8f5c2304839bb3e344103f | Triage

Sharing

General

Target

b275f95d51cdb16a7e9c52f933221fd978c76f657b8f5c2304839bb3e344103f
Size

80KB
Sample

221201-2tykrshh72
MD5

a6ae85bbd8f25521676903abca96be66
SHA1

889c09e276252dc1303bfc6ceba37a41e768af34
SHA256

b275f95d51cdb16a7e9c52f933221fd978c76f657b8f5c2304839bb3e344103f
SHA512

9ed52ef6474d943f398c6b1dcef6bb7024e15c25094cb9487863c6d15c3261845961c46462f124cf7a6fc6553a05398cb999c6e8f59c8c8b8bf2af2aac10f97e
SSDEEP

1536:jz8Shbn5tPSxXmeCC9bCoCMBlAwiVpwFJ0T72mocT:7h2BlGEFJ0T72mBT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b275f95d51cdb16a7e9c52f933221fd978c76f657b8f5c2304839bb3e344103f
- Size
  
  80KB
- MD5
  
  a6ae85bbd8f25521676903abca96be66
- SHA1
  
  889c09e276252dc1303bfc6ceba37a41e768af34
- SHA256
  
  b275f95d51cdb16a7e9c52f933221fd978c76f657b8f5c2304839bb3e344103f
- SHA512
  
  9ed52ef6474d943f398c6b1dcef6bb7024e15c25094cb9487863c6d15c3261845961c46462f124cf7a6fc6553a05398cb999c6e8f59c8c8b8bf2af2aac10f97e
- SSDEEP
  
  1536:jz8Shbn5tPSxXmeCC9bCoCMBlAwiVpwFJ0T72mocT:7h2BlGEFJ0T72mBT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence