91295aba397536a47309de7aaaef302e1b7667a0c0dc55f80eb0bde71e6dc51c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

91295aba397536a47309de7aaaef302e1b7667a0c0dc55f80eb0bde71e6dc51c
Size

252KB
Sample

221202-agzhrahf6x
MD5

12db70a44865de550967a7b24647d3c8
SHA1

a72571b3887c13ee5c769a2b0a340fabf54c2c3e
SHA256

91295aba397536a47309de7aaaef302e1b7667a0c0dc55f80eb0bde71e6dc51c
SHA512

8959d057f88808cbbbc1e6e8d004d1fa32aafb5fa86c27ac9d7b67b231048a6353ddc426c951fd720d3fba3dd601273553d1561922946bcabdddbb013a0262fd
SSDEEP

3072:VrAclx7LahsWvZ0OgRqTAJcLGGO/xuiEyJeOOeGs5oxnkNzQKtjr2:VrIFx/ZLA4PmG6d6

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  91295aba397536a47309de7aaaef302e1b7667a0c0dc55f80eb0bde71e6dc51c
- Size
  
  252KB
- MD5
  
  12db70a44865de550967a7b24647d3c8
- SHA1
  
  a72571b3887c13ee5c769a2b0a340fabf54c2c3e
- SHA256
  
  91295aba397536a47309de7aaaef302e1b7667a0c0dc55f80eb0bde71e6dc51c
- SHA512
  
  8959d057f88808cbbbc1e6e8d004d1fa32aafb5fa86c27ac9d7b67b231048a6353ddc426c951fd720d3fba3dd601273553d1561922946bcabdddbb013a0262fd
- SSDEEP
  
  3072:VrAclx7LahsWvZ0OgRqTAJcLGGO/xuiEyJeOOeGs5oxnkNzQKtjr2:VrIFx/ZLA4PmG6d6
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence