b3e0309a3f7238b44a3af4407fa710c0892726af19084c22688d7f2b9c958216 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3e0309a3f7238b44a3af4407fa710c0892726af19084c22688d7f2b9c958216
Size

232KB
Sample

221202-ahvk7aed43
MD5

78d104714b78cca381f3927964cf938a
SHA1

ce149aa1486815a1215fd6592cb9e4f9da221094
SHA256

b3e0309a3f7238b44a3af4407fa710c0892726af19084c22688d7f2b9c958216
SHA512

aa4c0d33509c393869f61db90f4a2cd2e566e747f9babfe651ed2b176d6b6e561d32a45bdb4111dce28a3d3bb1e03682b86542582db9e537732baf9f70b3b2f5
SSDEEP

3072:MpMeBchnYwN1Smm727IJCkvIwXX4Ph0ApMX3KKl+Hv/91I/2XOlDaE:MpPBcdYwN1S327Y54Ph0TX1kd18COP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b3e0309a3f7238b44a3af4407fa710c0892726af19084c22688d7f2b9c958216
- Size
  
  232KB
- MD5
  
  78d104714b78cca381f3927964cf938a
- SHA1
  
  ce149aa1486815a1215fd6592cb9e4f9da221094
- SHA256
  
  b3e0309a3f7238b44a3af4407fa710c0892726af19084c22688d7f2b9c958216
- SHA512
  
  aa4c0d33509c393869f61db90f4a2cd2e566e747f9babfe651ed2b176d6b6e561d32a45bdb4111dce28a3d3bb1e03682b86542582db9e537732baf9f70b3b2f5
- SSDEEP
  
  3072:MpMeBchnYwN1Smm727IJCkvIwXX4Ph0ApMX3KKl+Hv/91I/2XOlDaE:MpPBcdYwN1S327Y54Ph0TX1kd18COP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence