b1e3834e0ce649b0f7fb4867bc3005cb45a915c7ff25fe29d5bad6a47fedcb90 | Triage

Sharing

General

Target

b1e3834e0ce649b0f7fb4867bc3005cb45a915c7ff25fe29d5bad6a47fedcb90
Size

224KB
Sample

221202-ag9cysec85
MD5

4aa846deaf75d5d64374d92ecce216df
SHA1

85bc22191d0d1a1baefd27ec3d05333069894554
SHA256

b1e3834e0ce649b0f7fb4867bc3005cb45a915c7ff25fe29d5bad6a47fedcb90
SHA512

f3b186ce69fe2380a2ad50854d804868c00981608a8dc4e72585b1a791c7393d7a61d5c79ffa5d0748d9658c3a5a828623a2525e2c61060d2579614bf2089b4d
SSDEEP

3072:hiY5bQ7aWbqDImDrT+UvtkvnNBLieMyiayNe2XKrJlZm6lDH:hF+uImDrT+U1QtMyiaO6NR

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b1e3834e0ce649b0f7fb4867bc3005cb45a915c7ff25fe29d5bad6a47fedcb90
- Size
  
  224KB
- MD5
  
  4aa846deaf75d5d64374d92ecce216df
- SHA1
  
  85bc22191d0d1a1baefd27ec3d05333069894554
- SHA256
  
  b1e3834e0ce649b0f7fb4867bc3005cb45a915c7ff25fe29d5bad6a47fedcb90
- SHA512
  
  f3b186ce69fe2380a2ad50854d804868c00981608a8dc4e72585b1a791c7393d7a61d5c79ffa5d0748d9658c3a5a828623a2525e2c61060d2579614bf2089b4d
- SSDEEP
  
  3072:hiY5bQ7aWbqDImDrT+UvtkvnNBLieMyiayNe2XKrJlZm6lDH:hF+uImDrT+U1QtMyiaO6NR
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence