44cc4433a4553bc968c9ecb1036872fbf1d0fd45068d03ab3fe7ab27d9168b4b | Triage

Sharing

General

Target

44cc4433a4553bc968c9ecb1036872fbf1d0fd45068d03ab3fe7ab27d9168b4b
Size

260KB
Sample

221201-3xp88sgf2t
MD5

1ee4e2811c7aadbd5f96f7b348888f10
SHA1

648b238db02a82b582ace6336bcacba67aeda9f9
SHA256

44cc4433a4553bc968c9ecb1036872fbf1d0fd45068d03ab3fe7ab27d9168b4b
SHA512

b0826d3da562e61068401f5ddfa0177a2070c0a452b2f0b68f140bd56c9ea9d95bba8e5257a6fdba53e20e125daca76b1f7d9a10b565cd80e64b7c16b6b47a9a
SSDEEP

3072:8gfAlNfRiIwvh25n/kZoSUjMqXnpWAkpAmTSrMaIOYt/jo7LAtPhjjtZnfHFEoWM:8dJgTSrMaIl/jcLijfHFEHWzXvjT85R

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  44cc4433a4553bc968c9ecb1036872fbf1d0fd45068d03ab3fe7ab27d9168b4b
- Size
  
  260KB
- MD5
  
  1ee4e2811c7aadbd5f96f7b348888f10
- SHA1
  
  648b238db02a82b582ace6336bcacba67aeda9f9
- SHA256
  
  44cc4433a4553bc968c9ecb1036872fbf1d0fd45068d03ab3fe7ab27d9168b4b
- SHA512
  
  b0826d3da562e61068401f5ddfa0177a2070c0a452b2f0b68f140bd56c9ea9d95bba8e5257a6fdba53e20e125daca76b1f7d9a10b565cd80e64b7c16b6b47a9a
- SSDEEP
  
  3072:8gfAlNfRiIwvh25n/kZoSUjMqXnpWAkpAmTSrMaIOYt/jo7LAtPhjjtZnfHFEoWM:8dJgTSrMaIl/jcLijfHFEHWzXvjT85R
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence