a9ddefe5f43caf6e4fb3db393f6f71a7f7bb6ad0f19c19c787bd7a8473467c58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9ddefe5f43caf6e4fb3db393f6f71a7f7bb6ad0f19c19c787bd7a8473467c58
Size

176KB
Sample

221202-3kfh9shg4s
MD5

f42442da034fb8ca9cf8ee0e62393604
SHA1

6b6b550226e8378bd7dfae37fb28d113884a2991
SHA256

a9ddefe5f43caf6e4fb3db393f6f71a7f7bb6ad0f19c19c787bd7a8473467c58
SHA512

cc47aa3b41195cfe4caaa30dd42c244207f55f4d7c96bd37809a68f2d6ea2a0a59d527c7b2007eec1e39f8efe407ca499de7562335295c59aa5af31469b340e3
SSDEEP

3072:zdAh8C/nROzg7iiwJvXZETcbLn67kLpyRurohZbsn4KhWNUzMzGV5/bBD3yFL6V5:Wh7YU7iiwJvXZETcbLn6YLProhZbsn4/

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a9ddefe5f43caf6e4fb3db393f6f71a7f7bb6ad0f19c19c787bd7a8473467c58
- Size
  
  176KB
- MD5
  
  f42442da034fb8ca9cf8ee0e62393604
- SHA1
  
  6b6b550226e8378bd7dfae37fb28d113884a2991
- SHA256
  
  a9ddefe5f43caf6e4fb3db393f6f71a7f7bb6ad0f19c19c787bd7a8473467c58
- SHA512
  
  cc47aa3b41195cfe4caaa30dd42c244207f55f4d7c96bd37809a68f2d6ea2a0a59d527c7b2007eec1e39f8efe407ca499de7562335295c59aa5af31469b340e3
- SSDEEP
  
  3072:zdAh8C/nROzg7iiwJvXZETcbLn67kLpyRurohZbsn4KhWNUzMzGV5/bBD3yFL6V5:Wh7YU7iiwJvXZETcbLn6YLProhZbsn4/
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence