ac22b9169534a79c4d589e26b976f5581bbb8c20d924630d0be62a0bdbe1ff74 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ac22b9169534a79c4d589e26b976f5581bbb8c20d924630d0be62a0bdbe1ff74
Size

228KB
Sample

221202-x3cbnsaf4z
MD5

ed54f0f4ddedd6bf06745d2b041ca10e
SHA1

0f7194e99ca51f8c6e4f4a5d76f3c3a086418923
SHA256

ac22b9169534a79c4d589e26b976f5581bbb8c20d924630d0be62a0bdbe1ff74
SHA512

2eda41135bf8f3beb96f08af3e78123ccb7b833a058bf71e8a521ebce4f7a59eae2afbf4f4bac7cfa3a5ace0a6a56e768336d660f702af0694b2d313642b4f5f
SSDEEP

6144:5K+U3dwqsNy5ibpNjlDEqxF6snji81RUinKNCFe:s+OdQxl2

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ac22b9169534a79c4d589e26b976f5581bbb8c20d924630d0be62a0bdbe1ff74
- Size
  
  228KB
- MD5
  
  ed54f0f4ddedd6bf06745d2b041ca10e
- SHA1
  
  0f7194e99ca51f8c6e4f4a5d76f3c3a086418923
- SHA256
  
  ac22b9169534a79c4d589e26b976f5581bbb8c20d924630d0be62a0bdbe1ff74
- SHA512
  
  2eda41135bf8f3beb96f08af3e78123ccb7b833a058bf71e8a521ebce4f7a59eae2afbf4f4bac7cfa3a5ace0a6a56e768336d660f702af0694b2d313642b4f5f
- SSDEEP
  
  6144:5K+U3dwqsNy5ibpNjlDEqxF6snji81RUinKNCFe:s+OdQxl2
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence