a611a96e47a1106bd79f5241742362964db96b4db3f62c43358fbf6d91c272ec | Triage

Sharing

General

Target

a611a96e47a1106bd79f5241742362964db96b4db3f62c43358fbf6d91c272ec
Size

104KB
Sample

221201-2ymztsac74
MD5

2277800e4fbc6141b346c8abeb513e01
SHA1

3a94407a06f68264d909dbb96e4635258f6919a3
SHA256

a611a96e47a1106bd79f5241742362964db96b4db3f62c43358fbf6d91c272ec
SHA512

4266113c120dcd3e874a7ccdd011321e045bec5993538d988e16b4ee9e2fa0b0b7a73e434f6966fc6822e2e3b2f18f7a0d9b526a666be7592d0a77a7eb250c8b
SSDEEP

1536:Q3LRvx+uZOs+HBchhQKNIqpOcQv0sTEFSocloXjLl03F:WP+eiKNZJQv0sTNo3m3F

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a611a96e47a1106bd79f5241742362964db96b4db3f62c43358fbf6d91c272ec
- Size
  
  104KB
- MD5
  
  2277800e4fbc6141b346c8abeb513e01
- SHA1
  
  3a94407a06f68264d909dbb96e4635258f6919a3
- SHA256
  
  a611a96e47a1106bd79f5241742362964db96b4db3f62c43358fbf6d91c272ec
- SHA512
  
  4266113c120dcd3e874a7ccdd011321e045bec5993538d988e16b4ee9e2fa0b0b7a73e434f6966fc6822e2e3b2f18f7a0d9b526a666be7592d0a77a7eb250c8b
- SSDEEP
  
  1536:Q3LRvx+uZOs+HBchhQKNIqpOcQv0sTEFSocloXjLl03F:WP+eiKNZJQv0sTNo3m3F
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence