5c15e75bbb851cd7ae004dfa57fe0ce220480c662ddaf84304d67c58a0d0df1a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c15e75bbb851cd7ae004dfa57fe0ce220480c662ddaf84304d67c58a0d0df1a
Size

124KB
Sample

221201-3dh1tabf65
MD5

ba2c1460b8f7877f514a5a583a6a5e80
SHA1

802436d0516e4781507987521fdfa19f54156829
SHA256

5c15e75bbb851cd7ae004dfa57fe0ce220480c662ddaf84304d67c58a0d0df1a
SHA512

0b454a5433e9104e7ac9d8af1194c3e287d33ec2681e4dbe187a716814fce6c15f9b11ab464491266dc68c7d25644940f1dfaa27dd380fd8ba8cfea76574666e
SSDEEP

3072:u9L5bTL1ylTSpwpmzSfYlWBQxQobunKaP3E/+:25HL1ylWpwc4YlWBQxQMunKd

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5c15e75bbb851cd7ae004dfa57fe0ce220480c662ddaf84304d67c58a0d0df1a
- Size
  
  124KB
- MD5
  
  ba2c1460b8f7877f514a5a583a6a5e80
- SHA1
  
  802436d0516e4781507987521fdfa19f54156829
- SHA256
  
  5c15e75bbb851cd7ae004dfa57fe0ce220480c662ddaf84304d67c58a0d0df1a
- SHA512
  
  0b454a5433e9104e7ac9d8af1194c3e287d33ec2681e4dbe187a716814fce6c15f9b11ab464491266dc68c7d25644940f1dfaa27dd380fd8ba8cfea76574666e
- SSDEEP
  
  3072:u9L5bTL1ylTSpwpmzSfYlWBQxQobunKaP3E/+:25HL1ylWpwc4YlWBQxQMunKd
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence