c822d0d7c37b6a5b174ccb2fd5e558481a26bf8747e1af7ab3e31b9d7d724d55 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c822d0d7c37b6a5b174ccb2fd5e558481a26bf8747e1af7ab3e31b9d7d724d55
Size

156KB
Sample

221202-vvbn3age56
MD5

8461c185a6e0bb6c95b056bfe9f30180
SHA1

9d06f22f4f590f1d4c8594329ff8eef7c8fc4b3c
SHA256

c822d0d7c37b6a5b174ccb2fd5e558481a26bf8747e1af7ab3e31b9d7d724d55
SHA512

bd4be8c6474438ccebc674cabd9e921b57884a2b4d57884a1dac89ec60c1057b28c64da5a25cca4b7db514583c36a9851d099a828f574760643cc9072ada5ed3
SSDEEP

3072:15/Pqj0C0H3RvXs45qlCG8v12aO1AwPgamPe42IZP4oQZiE0VH:rPW0Lvulf8v12aO1AwSPe4RzWKJ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c822d0d7c37b6a5b174ccb2fd5e558481a26bf8747e1af7ab3e31b9d7d724d55
- Size
  
  156KB
- MD5
  
  8461c185a6e0bb6c95b056bfe9f30180
- SHA1
  
  9d06f22f4f590f1d4c8594329ff8eef7c8fc4b3c
- SHA256
  
  c822d0d7c37b6a5b174ccb2fd5e558481a26bf8747e1af7ab3e31b9d7d724d55
- SHA512
  
  bd4be8c6474438ccebc674cabd9e921b57884a2b4d57884a1dac89ec60c1057b28c64da5a25cca4b7db514583c36a9851d099a828f574760643cc9072ada5ed3
- SSDEEP
  
  3072:15/Pqj0C0H3RvXs45qlCG8v12aO1AwPgamPe42IZP4oQZiE0VH:rPW0Lvulf8v12aO1AwSPe4RzWKJ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence