1ba091666d0829162c9ca41f061a056c2defe456e07316f6650e8b87e3cec3d8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1ba091666d0829162c9ca41f061a056c2defe456e07316f6650e8b87e3cec3d8
Size

264KB
Sample

221202-an35hsac3y
MD5

1169839d6448cbf7beecdea6046df350
SHA1

1f0418958de8603695fb3f636ca16bab442d7e94
SHA256

1ba091666d0829162c9ca41f061a056c2defe456e07316f6650e8b87e3cec3d8
SHA512

f1474c6bf2f2c8e39f56e7b1b293ec914543f1a2c78f5003b6fc20c53e53c041c0f4c51b674f0877c9e2fbfc59f5dab5b9b4401fdb31435b14db50ba98be0fdd
SSDEEP

3072:7wwQcqsOWfHJ2IDyG2pfr4GNLzECcKIvMBSYWunCvPQiwhjXH1WkaBx5/lvnjLYC:MwQ3sOWx9Ic6OLynWunzXH1W9r3

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1ba091666d0829162c9ca41f061a056c2defe456e07316f6650e8b87e3cec3d8
- Size
  
  264KB
- MD5
  
  1169839d6448cbf7beecdea6046df350
- SHA1
  
  1f0418958de8603695fb3f636ca16bab442d7e94
- SHA256
  
  1ba091666d0829162c9ca41f061a056c2defe456e07316f6650e8b87e3cec3d8
- SHA512
  
  f1474c6bf2f2c8e39f56e7b1b293ec914543f1a2c78f5003b6fc20c53e53c041c0f4c51b674f0877c9e2fbfc59f5dab5b9b4401fdb31435b14db50ba98be0fdd
- SSDEEP
  
  3072:7wwQcqsOWfHJ2IDyG2pfr4GNLzECcKIvMBSYWunCvPQiwhjXH1WkaBx5/lvnjLYC:MwQ3sOWx9Ic6OLynWunzXH1W9r3
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence