a3d2ca4a5da6f91dfd236819186795e17da1718d52b749d7ad54f6b46b91e948 | Triage

Sharing

General

Target

a3d2ca4a5da6f91dfd236819186795e17da1718d52b749d7ad54f6b46b91e948
Size

108KB
Sample

221201-2y6f6sde6w
MD5

4fe03c5f448407797e32391fc1121a7d
SHA1

a329a1afc4ea7912ca3f0d9310b607bed6ff7117
SHA256

a3d2ca4a5da6f91dfd236819186795e17da1718d52b749d7ad54f6b46b91e948
SHA512

71b55cca355ea9a59846fff864b2414a55db9e0d402e170d50a4abb4d8367843e57da07a0e1f0440751b0b67de1985b4da2c8e8b4a2fdc85c842d4ac0e76923b
SSDEEP

1536:sJtVIKiB6oQ7Lh5+sXmNt0ttiPXLq0zTrkB:MUmoIeZt1XTzToB

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a3d2ca4a5da6f91dfd236819186795e17da1718d52b749d7ad54f6b46b91e948
- Size
  
  108KB
- MD5
  
  4fe03c5f448407797e32391fc1121a7d
- SHA1
  
  a329a1afc4ea7912ca3f0d9310b607bed6ff7117
- SHA256
  
  a3d2ca4a5da6f91dfd236819186795e17da1718d52b749d7ad54f6b46b91e948
- SHA512
  
  71b55cca355ea9a59846fff864b2414a55db9e0d402e170d50a4abb4d8367843e57da07a0e1f0440751b0b67de1985b4da2c8e8b4a2fdc85c842d4ac0e76923b
- SSDEEP
  
  1536:sJtVIKiB6oQ7Lh5+sXmNt0ttiPXLq0zTrkB:MUmoIeZt1XTzToB
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence