80d92ce6870c14705cad6772fd213fb2db3a7ae2e22a9cc57c3e33607603d4f7 | Triage

Sharing

General

Target

80d92ce6870c14705cad6772fd213fb2db3a7ae2e22a9cc57c3e33607603d4f7
Size

173KB
Sample

221202-wbg76shh66
MD5

ebb1ba2ee98688a8fb136e6922d36149
SHA1

787f0c098f82793cd5c236da41de1453bb965b5a
SHA256

80d92ce6870c14705cad6772fd213fb2db3a7ae2e22a9cc57c3e33607603d4f7
SHA512

3a3caa902507a80bf136987d5c586a4d68e8f03e2a1b935a01dfa5b7ff01524aeea6deddb2cbf2b69f7b358f02277ac85cc0b9165a90a4c9c493044a7fe7cc26
SSDEEP

3072:X4lRkAehGfzmuqTPryFsYax1o9Yh+ZHAzfPZ7Xy4bHlAIyHUQ:X4lRkAehaKuqT+FsYa5+OPNi4Z8

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  80d92ce6870c14705cad6772fd213fb2db3a7ae2e22a9cc57c3e33607603d4f7
- Size
  
  173KB
- MD5
  
  ebb1ba2ee98688a8fb136e6922d36149
- SHA1
  
  787f0c098f82793cd5c236da41de1453bb965b5a
- SHA256
  
  80d92ce6870c14705cad6772fd213fb2db3a7ae2e22a9cc57c3e33607603d4f7
- SHA512
  
  3a3caa902507a80bf136987d5c586a4d68e8f03e2a1b935a01dfa5b7ff01524aeea6deddb2cbf2b69f7b358f02277ac85cc0b9165a90a4c9c493044a7fe7cc26
- SSDEEP
  
  3072:X4lRkAehGfzmuqTPryFsYax1o9Yh+ZHAzfPZ7Xy4bHlAIyHUQ:X4lRkAehaKuqT+FsYa5+OPNi4Z8
Score

8^/10

evasion persistence
- Drops file in Drivers directory
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence