c0965e9fc2e3c529ab75a84292109fa0c305550dc90a891d414e9d8ffb2e53aa | Triage

Sharing

General

Target

c0965e9fc2e3c529ab75a84292109fa0c305550dc90a891d414e9d8ffb2e53aa
Size

264KB
Sample

221202-hb4jhsbh57
MD5

54ff25506c32583e8fc5ccfe65a7af70
SHA1

664d8c6ad6126566368e2e8c36162ca502ddd0b2
SHA256

c0965e9fc2e3c529ab75a84292109fa0c305550dc90a891d414e9d8ffb2e53aa
SHA512

dfcc6c4a218ea56ab9f89745e9c0d439239188e8d9f7863a7bd5478fdc0eae150ffdbb76c453f73f2815f0e24ef443d89f3a78b96d1196e7241275b7e540b6f6
SSDEEP

3072:D2kG11Gr7agej720MS+FNbOAPGnsMlVfchbAh4f971OQ0zs7J6QNik3:D2kD7agwqB+APgheqK171/37ak3

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c0965e9fc2e3c529ab75a84292109fa0c305550dc90a891d414e9d8ffb2e53aa
- Size
  
  264KB
- MD5
  
  54ff25506c32583e8fc5ccfe65a7af70
- SHA1
  
  664d8c6ad6126566368e2e8c36162ca502ddd0b2
- SHA256
  
  c0965e9fc2e3c529ab75a84292109fa0c305550dc90a891d414e9d8ffb2e53aa
- SHA512
  
  dfcc6c4a218ea56ab9f89745e9c0d439239188e8d9f7863a7bd5478fdc0eae150ffdbb76c453f73f2815f0e24ef443d89f3a78b96d1196e7241275b7e540b6f6
- SSDEEP
  
  3072:D2kG11Gr7agej720MS+FNbOAPGnsMlVfchbAh4f971OQ0zs7J6QNik3:D2kD7agwqB+APgheqK171/37ak3
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence