ad78c425428efd63402cd8deef6ef136d20b2dfb995286527ce566103537c5ee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad78c425428efd63402cd8deef6ef136d20b2dfb995286527ce566103537c5ee
Size

108KB
Sample

221201-2wgd9saa88
MD5

42de43fee0b357574db1337641003e9a
SHA1

4520e158546946b0ad0add79b911de6b867fbc44
SHA256

ad78c425428efd63402cd8deef6ef136d20b2dfb995286527ce566103537c5ee
SHA512

3b96b9acb2b0c8db6ee93b013476d2720911ccdc208dc25d9804e9aae66ebc4973cba973473a5afa572862a46e725b814b4f12e5814a3312b45acb5e079ef766
SSDEEP

1536:WqZSPFOJofZMf8G6oX+jHyELqOW3GFw7vwmqFkyYpWe5srvIyiA+UWI5Q0wXT50b:WF7oX+DO7LqW3XSCncX

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ad78c425428efd63402cd8deef6ef136d20b2dfb995286527ce566103537c5ee
- Size
  
  108KB
- MD5
  
  42de43fee0b357574db1337641003e9a
- SHA1
  
  4520e158546946b0ad0add79b911de6b867fbc44
- SHA256
  
  ad78c425428efd63402cd8deef6ef136d20b2dfb995286527ce566103537c5ee
- SHA512
  
  3b96b9acb2b0c8db6ee93b013476d2720911ccdc208dc25d9804e9aae66ebc4973cba973473a5afa572862a46e725b814b4f12e5814a3312b45acb5e079ef766
- SSDEEP
  
  1536:WqZSPFOJofZMf8G6oX+jHyELqOW3GFw7vwmqFkyYpWe5srvIyiA+UWI5Q0wXT50b:WF7oX+DO7LqW3XSCncX
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence