94cfde9cdb43ceb43d2faffa4cd9a5b315f39ee6672fa85788b15c102182dbed | Triage

Sharing

General

Target

94cfde9cdb43ceb43d2faffa4cd9a5b315f39ee6672fa85788b15c102182dbed
Size

156KB
Sample

221202-aczb7ahc4z
MD5

fb5d0175d6f5306e595450034767a396
SHA1

8e86e9d089e9f7d6dd1557d56745de0bc7418d5d
SHA256

94cfde9cdb43ceb43d2faffa4cd9a5b315f39ee6672fa85788b15c102182dbed
SHA512

e60690ee550a7d5737edfbd9b9aaaf40adf5f9c908df5ca1f7a6e263f64fbb929f4c5f6aac1659ee7ab2f21958a32c4cd9440b111297028000580410ae399166
SSDEEP

3072:BHpLdJxOFxlLzrQF0T8ZnPZihF3KYGnUujyOjs6UvVXPRI4oQZiEeUC:R3OFxxrQJ0r3KYGnljw6AXmWs

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  94cfde9cdb43ceb43d2faffa4cd9a5b315f39ee6672fa85788b15c102182dbed
- Size
  
  156KB
- MD5
  
  fb5d0175d6f5306e595450034767a396
- SHA1
  
  8e86e9d089e9f7d6dd1557d56745de0bc7418d5d
- SHA256
  
  94cfde9cdb43ceb43d2faffa4cd9a5b315f39ee6672fa85788b15c102182dbed
- SHA512
  
  e60690ee550a7d5737edfbd9b9aaaf40adf5f9c908df5ca1f7a6e263f64fbb929f4c5f6aac1659ee7ab2f21958a32c4cd9440b111297028000580410ae399166
- SSDEEP
  
  3072:BHpLdJxOFxlLzrQF0T8ZnPZihF3KYGnUujyOjs6UvVXPRI4oQZiEeUC:R3OFxxrQJ0r3KYGnljw6AXmWs
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence