859c20830ed0f8f5d96fd91df2d5a428d6041ea0f6e6f7a0b3e047408953f4d3 | Triage

Sharing

General

Target

859c20830ed0f8f5d96fd91df2d5a428d6041ea0f6e6f7a0b3e047408953f4d3
Size

268KB
Sample

221202-amsmdseg49
MD5

f5af296d50d4a0474e56d12e7bdef821
SHA1

89ad607cdda477ec9728c4c02f32dd58620a2e29
SHA256

859c20830ed0f8f5d96fd91df2d5a428d6041ea0f6e6f7a0b3e047408953f4d3
SHA512

4ec546a2b70739c1a335b841a0219e76748077240d40c21fc38d3634e017251febe7a3d53db51ca581d3c43094de3481e9b14a0ff14accce012d08b751ce02bc
SSDEEP

6144:XmbOJl0UMS422Ous+azXt3D+Qh/pHq8+6IcLaOO3VX6uB/eBcJwRiY10Nfz:t0UMS4hsJzXt3D+Qh3IcqK25

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  859c20830ed0f8f5d96fd91df2d5a428d6041ea0f6e6f7a0b3e047408953f4d3
- Size
  
  268KB
- MD5
  
  f5af296d50d4a0474e56d12e7bdef821
- SHA1
  
  89ad607cdda477ec9728c4c02f32dd58620a2e29
- SHA256
  
  859c20830ed0f8f5d96fd91df2d5a428d6041ea0f6e6f7a0b3e047408953f4d3
- SHA512
  
  4ec546a2b70739c1a335b841a0219e76748077240d40c21fc38d3634e017251febe7a3d53db51ca581d3c43094de3481e9b14a0ff14accce012d08b751ce02bc
- SSDEEP
  
  6144:XmbOJl0UMS422Ous+azXt3D+Qh/pHq8+6IcLaOO3VX6uB/eBcJwRiY10Nfz:t0UMS4hsJzXt3D+Qh3IcqK25
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence