822d4c81192ffb8322420c4bf81fded452727a9843b0bebc96d65610edba7b95 | Triage

Sharing

General

Target

822d4c81192ffb8322420c4bf81fded452727a9843b0bebc96d65610edba7b95
Size

116KB
Sample

221202-x5p1jsfd89
MD5

4775ef3fc8664d3cf991fe71d85d5ae6
SHA1

bd8ffbfb43dd2e7535c403dc8af0e45a08212e43
SHA256

822d4c81192ffb8322420c4bf81fded452727a9843b0bebc96d65610edba7b95
SHA512

f1b564ac1946e7423ab59882a9ef443d47ae4f64e3b745b84451fae4dd67ed5a0a4e187dc8846e1d86e2e62cc9d13757db6c4aa864a621792efaf8985b0524b2
SSDEEP

1536:OWxBr+AQR8Kw6KBOcW4Z8HO1Zwt0f4HfDUEdMOPy9sbgNcwo7JaS1:RiACfcr1ZoDUEdZwQL

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  822d4c81192ffb8322420c4bf81fded452727a9843b0bebc96d65610edba7b95
- Size
  
  116KB
- MD5
  
  4775ef3fc8664d3cf991fe71d85d5ae6
- SHA1
  
  bd8ffbfb43dd2e7535c403dc8af0e45a08212e43
- SHA256
  
  822d4c81192ffb8322420c4bf81fded452727a9843b0bebc96d65610edba7b95
- SHA512
  
  f1b564ac1946e7423ab59882a9ef443d47ae4f64e3b745b84451fae4dd67ed5a0a4e187dc8846e1d86e2e62cc9d13757db6c4aa864a621792efaf8985b0524b2
- SSDEEP
  
  1536:OWxBr+AQR8Kw6KBOcW4Z8HO1Zwt0f4HfDUEdMOPy9sbgNcwo7JaS1:RiACfcr1ZoDUEdZwQL
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence