83d5e5bb52ad857c1da9e9bb5903aaad70e6d3418e85bd7f517b7aa2331153d0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

83d5e5bb52ad857c1da9e9bb5903aaad70e6d3418e85bd7f517b7aa2331153d0
Size

384KB
Sample

221201-3wnzsage4s
MD5

1b8cfde83f63066fb19dfe50059ddffc
SHA1

938cfb9bcc9bfcce9bf23d8056ce019366a7e044
SHA256

83d5e5bb52ad857c1da9e9bb5903aaad70e6d3418e85bd7f517b7aa2331153d0
SHA512

85d9f8a8e991ded978a7c5b0e64bb511e670587e21debc09b708839fddb9acf31cb8a87243ba61f7ed9c54510b81c7b8ac86677a12f40904927da73952ef7969
SSDEEP

6144:KfZmMy8B+UDBdIA6h/TzMk+nLyEGw3OG5yA0WN8aBdAykc+wLRT6vTwsa8BLsATW:kmMHB+UDBdIA6h/Tz7+nLyB/sZKfLsc4

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  83d5e5bb52ad857c1da9e9bb5903aaad70e6d3418e85bd7f517b7aa2331153d0
- Size
  
  384KB
- MD5
  
  1b8cfde83f63066fb19dfe50059ddffc
- SHA1
  
  938cfb9bcc9bfcce9bf23d8056ce019366a7e044
- SHA256
  
  83d5e5bb52ad857c1da9e9bb5903aaad70e6d3418e85bd7f517b7aa2331153d0
- SHA512
  
  85d9f8a8e991ded978a7c5b0e64bb511e670587e21debc09b708839fddb9acf31cb8a87243ba61f7ed9c54510b81c7b8ac86677a12f40904927da73952ef7969
- SSDEEP
  
  6144:KfZmMy8B+UDBdIA6h/TzMk+nLyEGw3OG5yA0WN8aBdAykc+wLRT6vTwsa8BLsATW:kmMHB+UDBdIA6h/Tz7+nLyB/sZKfLsc4
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence