982c9b4433a74a177275185249438ced101a086e58dc13c80f196f3dd8a27765 | Triage

Sharing

General

Target

982c9b4433a74a177275185249438ced101a086e58dc13c80f196f3dd8a27765
Size

200KB
Sample

221202-aq8g1sfb39
MD5

670e7ba325b462f960cd0f5b56354916
SHA1

0e3287287e39fa0c570204599bc37269419518aa
SHA256

982c9b4433a74a177275185249438ced101a086e58dc13c80f196f3dd8a27765
SHA512

d9d25506072fc6323d719c9863b0755c90571411f3b76f8ae890be8ddb9b30a6c827330d157a60cd66a1b713ddf033651e5c48af83fcbae00da38659af667593
SSDEEP

3072:CLv6LHJdkvY2+ydeYMvnWtmpzaVmS4plDuUhMjn:ovadkgM03utmQt4n7+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  982c9b4433a74a177275185249438ced101a086e58dc13c80f196f3dd8a27765
- Size
  
  200KB
- MD5
  
  670e7ba325b462f960cd0f5b56354916
- SHA1
  
  0e3287287e39fa0c570204599bc37269419518aa
- SHA256
  
  982c9b4433a74a177275185249438ced101a086e58dc13c80f196f3dd8a27765
- SHA512
  
  d9d25506072fc6323d719c9863b0755c90571411f3b76f8ae890be8ddb9b30a6c827330d157a60cd66a1b713ddf033651e5c48af83fcbae00da38659af667593
- SSDEEP
  
  3072:CLv6LHJdkvY2+ydeYMvnWtmpzaVmS4plDuUhMjn:ovadkgM03utmQt4n7+
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence