ad0e76e2d0687c1c76ec8c706f0113b9b8459dc6c14e75864afbf876501bcfef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad0e76e2d0687c1c76ec8c706f0113b9b8459dc6c14e75864afbf876501bcfef
Size

293KB
Sample

221202-3qpdcsfa92
MD5

4f93ca947f0bde1b6cdca3d515d7eef9
SHA1

9ddfe6858ab0cb510c1569c93da85783ab9dfaa1
SHA256

ad0e76e2d0687c1c76ec8c706f0113b9b8459dc6c14e75864afbf876501bcfef
SHA512

233be13cee29763bf22493cb2277683f3826b0ceace0b186f04b5ca27dabe3a6058f1ac8239407682ea34ce98b0c6b9d351c90a97162113d695158e2623b9786
SSDEEP

6144:7uaPHPr5dFvW8HGzNz8I4vDWsQAcSnuXLH6M4hvBZnvJ:CaPHVdFvW8Hu/4vDKpXLGhvBf

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ad0e76e2d0687c1c76ec8c706f0113b9b8459dc6c14e75864afbf876501bcfef
- Size
  
  293KB
- MD5
  
  4f93ca947f0bde1b6cdca3d515d7eef9
- SHA1
  
  9ddfe6858ab0cb510c1569c93da85783ab9dfaa1
- SHA256
  
  ad0e76e2d0687c1c76ec8c706f0113b9b8459dc6c14e75864afbf876501bcfef
- SHA512
  
  233be13cee29763bf22493cb2277683f3826b0ceace0b186f04b5ca27dabe3a6058f1ac8239407682ea34ce98b0c6b9d351c90a97162113d695158e2623b9786
- SSDEEP
  
  6144:7uaPHPr5dFvW8HGzNz8I4vDWsQAcSnuXLH6M4hvBZnvJ:CaPHVdFvW8Hu/4vDKpXLGhvBf
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence