80195ab7f83a8a54b6cefaf11bbb518935d0bd966ca2eacd162028b5ec25fbe9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

80195ab7f83a8a54b6cefaf11bbb518935d0bd966ca2eacd162028b5ec25fbe9
Size

156KB
Sample

221202-aaf3tsha4w
MD5

a33b0ae5c0d00fc380dd2f0e1b597ace
SHA1

68a9d81335904c383645d428b5cab27d13079367
SHA256

80195ab7f83a8a54b6cefaf11bbb518935d0bd966ca2eacd162028b5ec25fbe9
SHA512

e292a2f96abaf6e8088aff6027ca9cfca3d734103077b747ed4dcdb10e060300bdf29c507757cb49cd331c81e41f8d79def36dcf3eaec2fbff8d4e60253340f7
SSDEEP

3072:PNMteS4aZhJdxKPE+vgu36MN9vqKyHjm6I1JDVOc2W4oQZiETE:lm7d0zvhqMN9vgjm6ILDVOAWe

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  80195ab7f83a8a54b6cefaf11bbb518935d0bd966ca2eacd162028b5ec25fbe9
- Size
  
  156KB
- MD5
  
  a33b0ae5c0d00fc380dd2f0e1b597ace
- SHA1
  
  68a9d81335904c383645d428b5cab27d13079367
- SHA256
  
  80195ab7f83a8a54b6cefaf11bbb518935d0bd966ca2eacd162028b5ec25fbe9
- SHA512
  
  e292a2f96abaf6e8088aff6027ca9cfca3d734103077b747ed4dcdb10e060300bdf29c507757cb49cd331c81e41f8d79def36dcf3eaec2fbff8d4e60253340f7
- SSDEEP
  
  3072:PNMteS4aZhJdxKPE+vgu36MN9vqKyHjm6I1JDVOc2W4oQZiETE:lm7d0zvhqMN9vgjm6ILDVOAWe
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence