9af4cc58dbe00825ea0a723cfd142f1e46eb89b169bf88b38f61e5792e349d80 | Triage

Sharing

General

Target

9af4cc58dbe00825ea0a723cfd142f1e46eb89b169bf88b38f61e5792e349d80
Size

212KB
Sample

221202-awzr3aah6t
MD5

b0e3cf85e5e56dc86a659f74fc25f6a4
SHA1

317c88237d0ca5c8629a9880ca00258c1d7e9f36
SHA256

9af4cc58dbe00825ea0a723cfd142f1e46eb89b169bf88b38f61e5792e349d80
SHA512

ed1e0066979676ea8f47a4d86c9bc7001476ded4c5bb956aba73e694e74aafca0be2ec1b72943ee5ea1bfe0edf97a52f38cda430a37b32f3c4e8ad257d7d16eb
SSDEEP

3072:KvCh2UjpES8Fd3MiaDN/bG0sCOL5pNk+ZxybSAx:SfFd3MiK/SxCOL5pi

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9af4cc58dbe00825ea0a723cfd142f1e46eb89b169bf88b38f61e5792e349d80
- Size
  
  212KB
- MD5
  
  b0e3cf85e5e56dc86a659f74fc25f6a4
- SHA1
  
  317c88237d0ca5c8629a9880ca00258c1d7e9f36
- SHA256
  
  9af4cc58dbe00825ea0a723cfd142f1e46eb89b169bf88b38f61e5792e349d80
- SHA512
  
  ed1e0066979676ea8f47a4d86c9bc7001476ded4c5bb956aba73e694e74aafca0be2ec1b72943ee5ea1bfe0edf97a52f38cda430a37b32f3c4e8ad257d7d16eb
- SSDEEP
  
  3072:KvCh2UjpES8Fd3MiaDN/bG0sCOL5pNk+ZxybSAx:SfFd3MiK/SxCOL5pi
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence