8189ed2bd8ddcfdf9bdc209a42bec2a1ad0a9d52edc9c03da33fb7a98c571c6f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8189ed2bd8ddcfdf9bdc209a42bec2a1ad0a9d52edc9c03da33fb7a98c571c6f
Size

184KB
Sample

221202-anm4aseh27
MD5

1bc4bbd5c1f7eff1a8b1ccad107c13f0
SHA1

1d99023c63ad009bdfb1c1fbbc84b84611e33fe6
SHA256

8189ed2bd8ddcfdf9bdc209a42bec2a1ad0a9d52edc9c03da33fb7a98c571c6f
SHA512

ba52ffa5b558b20ea540ebeb67cd39d93cb65ca1c9364110f337c45b69610c26302e0a797ddd510380acd491dae2b4c201bc79349999c27d6038faec2594bfc8
SSDEEP

3072:o41cfl/BTyzcM+Knvmb7/D263i4qMbBQhAK/WOD2r1oX1/hcNcfAUane4RAhaUZv:FClpTFzKnvmb7/D26y4qMSyKuOD2r1ot

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8189ed2bd8ddcfdf9bdc209a42bec2a1ad0a9d52edc9c03da33fb7a98c571c6f
- Size
  
  184KB
- MD5
  
  1bc4bbd5c1f7eff1a8b1ccad107c13f0
- SHA1
  
  1d99023c63ad009bdfb1c1fbbc84b84611e33fe6
- SHA256
  
  8189ed2bd8ddcfdf9bdc209a42bec2a1ad0a9d52edc9c03da33fb7a98c571c6f
- SHA512
  
  ba52ffa5b558b20ea540ebeb67cd39d93cb65ca1c9364110f337c45b69610c26302e0a797ddd510380acd491dae2b4c201bc79349999c27d6038faec2594bfc8
- SSDEEP
  
  3072:o41cfl/BTyzcM+Knvmb7/D263i4qMbBQhAK/WOD2r1oX1/hcNcfAUane4RAhaUZv:FClpTFzKnvmb7/D26y4qMSyKuOD2r1ot
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence