c7c0fdd191b11e4b3c9ef93506e5c1d1b042746db367e2853d8e2783e1f24f3a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c7c0fdd191b11e4b3c9ef93506e5c1d1b042746db367e2853d8e2783e1f24f3a
Size

60KB
Sample

221202-a4twsagb69
MD5

867e17cab7e74599105eb3729db84fef
SHA1

378571e03f6fa7c4bd4f89f94ad7a93f3a80a0e4
SHA256

c7c0fdd191b11e4b3c9ef93506e5c1d1b042746db367e2853d8e2783e1f24f3a
SHA512

a8c6d34c71f9d649b0d23c92f9e247c6e321f8f6e76b40374326a56d9dbb402d1e70d38cb02b955478ba79411b8fb6257ca5e62f62ab4f03cb361d3e7aa548e1
SSDEEP

1536:HWJd8aTibnZ1KqxX713c9oo4APa+rg8S:2v8hZD13c9Rt70

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c7c0fdd191b11e4b3c9ef93506e5c1d1b042746db367e2853d8e2783e1f24f3a
- Size
  
  60KB
- MD5
  
  867e17cab7e74599105eb3729db84fef
- SHA1
  
  378571e03f6fa7c4bd4f89f94ad7a93f3a80a0e4
- SHA256
  
  c7c0fdd191b11e4b3c9ef93506e5c1d1b042746db367e2853d8e2783e1f24f3a
- SHA512
  
  a8c6d34c71f9d649b0d23c92f9e247c6e321f8f6e76b40374326a56d9dbb402d1e70d38cb02b955478ba79411b8fb6257ca5e62f62ab4f03cb361d3e7aa548e1
- SSDEEP
  
  1536:HWJd8aTibnZ1KqxX713c9oo4APa+rg8S:2v8hZD13c9Rt70
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence