17c2fe5715d0fe0aaf9ceeb8ac84a4e05ad10e3ba0dbcfc20f56a57fdcc2d61a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17c2fe5715d0fe0aaf9ceeb8ac84a4e05ad10e3ba0dbcfc20f56a57fdcc2d61a
Size

308KB
Sample

221201-3hxd1afd2x
MD5

048460e63d6c86fc2af0e31e7dff6790
SHA1

1be5ba3c5d5e727d65ec7834e6ed7a09c985d1fa
SHA256

17c2fe5715d0fe0aaf9ceeb8ac84a4e05ad10e3ba0dbcfc20f56a57fdcc2d61a
SHA512

9adcebffda43374f84d78411f5a937baaf7e91a0edff9381b79a1552f20ffe1fe5c1b01cf0b78899608e64a9fbaf047cd415168e154c86c6f16941fc2e248002
SSDEEP

6144:oAZPmbRzAV4LVPYS3K3GKd+cRo7+XFFGE:ozQ4aS3wXFEE

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  17c2fe5715d0fe0aaf9ceeb8ac84a4e05ad10e3ba0dbcfc20f56a57fdcc2d61a
- Size
  
  308KB
- MD5
  
  048460e63d6c86fc2af0e31e7dff6790
- SHA1
  
  1be5ba3c5d5e727d65ec7834e6ed7a09c985d1fa
- SHA256
  
  17c2fe5715d0fe0aaf9ceeb8ac84a4e05ad10e3ba0dbcfc20f56a57fdcc2d61a
- SHA512
  
  9adcebffda43374f84d78411f5a937baaf7e91a0edff9381b79a1552f20ffe1fe5c1b01cf0b78899608e64a9fbaf047cd415168e154c86c6f16941fc2e248002
- SSDEEP
  
  6144:oAZPmbRzAV4LVPYS3K3GKd+cRo7+XFFGE:ozQ4aS3wXFEE
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence