c8d7ac5bfef71ef826e1d5c51eacce5e95b3e2e195ff3db58014f6e3b233c541 | Triage

Sharing

General

Target

c8d7ac5bfef71ef826e1d5c51eacce5e95b3e2e195ff3db58014f6e3b233c541
Size

244KB
Sample

221201-3te9vsgc7t
MD5

dd3295f36b65c22f59615443390a8637
SHA1

9405910f2b2a380f29630ad35996c0922607ea9f
SHA256

c8d7ac5bfef71ef826e1d5c51eacce5e95b3e2e195ff3db58014f6e3b233c541
SHA512

53b6b912fa8f5ec3bfaa90bb8c6d811ffa0b178ae8de74e1b840254ae872aedb8979095751f5ad894ec20cca08488a76241d959622414e876d0e6755ab7707ec
SSDEEP

3072:qjD2lWO5hcy1imsW7A0g3XDYHYTvZm3ov5Q4/cMIVH5bEvhSSqeLSqnj+v:kKMCyy1imdJgc4s2QRhH5IX

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c8d7ac5bfef71ef826e1d5c51eacce5e95b3e2e195ff3db58014f6e3b233c541
- Size
  
  244KB
- MD5
  
  dd3295f36b65c22f59615443390a8637
- SHA1
  
  9405910f2b2a380f29630ad35996c0922607ea9f
- SHA256
  
  c8d7ac5bfef71ef826e1d5c51eacce5e95b3e2e195ff3db58014f6e3b233c541
- SHA512
  
  53b6b912fa8f5ec3bfaa90bb8c6d811ffa0b178ae8de74e1b840254ae872aedb8979095751f5ad894ec20cca08488a76241d959622414e876d0e6755ab7707ec
- SSDEEP
  
  3072:qjD2lWO5hcy1imsW7A0g3XDYHYTvZm3ov5Q4/cMIVH5bEvhSSqeLSqnj+v:kKMCyy1imdJgc4s2QRhH5IX
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence