8bb27f016d372a2a84530e4526577c6d735b01ea741795ce998e4c6e8947e6ea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8bb27f016d372a2a84530e4526577c6d735b01ea741795ce998e4c6e8947e6ea
Size

156KB
Sample

221202-aczyqadh69
MD5

f8a8b6d7303cc149abe06407640e9b93
SHA1

4d0a7504aa03877414387136bc004bd34301b485
SHA256

8bb27f016d372a2a84530e4526577c6d735b01ea741795ce998e4c6e8947e6ea
SHA512

6bb82bb95eef5e994184ff61db9a6b96edd96357c2c4b4faebaff959f9eaccd0b926d4d210ba16aa855300653540abbc3d2bcb6f111376709dcdb2620542278f
SSDEEP

3072:BHpLdatxOFxlLzrQF0T8ZnPZihF3KYGnUujyOjs6UvVXPRu4oQZiEkh:RaTOFxxrQJ0r3KYGnljw6AXoWE

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8bb27f016d372a2a84530e4526577c6d735b01ea741795ce998e4c6e8947e6ea
- Size
  
  156KB
- MD5
  
  f8a8b6d7303cc149abe06407640e9b93
- SHA1
  
  4d0a7504aa03877414387136bc004bd34301b485
- SHA256
  
  8bb27f016d372a2a84530e4526577c6d735b01ea741795ce998e4c6e8947e6ea
- SHA512
  
  6bb82bb95eef5e994184ff61db9a6b96edd96357c2c4b4faebaff959f9eaccd0b926d4d210ba16aa855300653540abbc3d2bcb6f111376709dcdb2620542278f
- SSDEEP
  
  3072:BHpLdatxOFxlLzrQF0T8ZnPZihF3KYGnUujyOjs6UvVXPRu4oQZiEkh:RaTOFxxrQJ0r3KYGnljw6AXoWE
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence