819c6426d3894e2f9e36ff44c469c6d28aa652787d4afa95664bb6425f0502d5 | Triage

Sharing

General

Target

819c6426d3894e2f9e36ff44c469c6d28aa652787d4afa95664bb6425f0502d5
Size

92KB
Sample

221201-3nmfzsce97
MD5

86f66acf6f6f2e7e6936fb4d2ae3f4a3
SHA1

b748374caca42ad31ed37209c6aa0868d32de32f
SHA256

819c6426d3894e2f9e36ff44c469c6d28aa652787d4afa95664bb6425f0502d5
SHA512

b69b4eb9938c975cda348afb51cbef1e4b3001dbb34cbfb769b70c6d565d19c1a2727bd76d8f4e46ed48c6d3f28d9e1557aea06ae236104ccce8e31f93c012b0
SSDEEP

768:IdA3yEuZtBTSD9mx0CjIGhY4VVN2b1LllfRddcQVEWSdejXT+153qSgP:Idw0q9Cr0GhXKdTdTiWS0jG3qDP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  819c6426d3894e2f9e36ff44c469c6d28aa652787d4afa95664bb6425f0502d5
- Size
  
  92KB
- MD5
  
  86f66acf6f6f2e7e6936fb4d2ae3f4a3
- SHA1
  
  b748374caca42ad31ed37209c6aa0868d32de32f
- SHA256
  
  819c6426d3894e2f9e36ff44c469c6d28aa652787d4afa95664bb6425f0502d5
- SHA512
  
  b69b4eb9938c975cda348afb51cbef1e4b3001dbb34cbfb769b70c6d565d19c1a2727bd76d8f4e46ed48c6d3f28d9e1557aea06ae236104ccce8e31f93c012b0
- SSDEEP
  
  768:IdA3yEuZtBTSD9mx0CjIGhY4VVN2b1LllfRddcQVEWSdejXT+153qSgP:Idw0q9Cr0GhXKdTdTiWS0jG3qDP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence