ab483d3172ebd65102bd8ceb751d9d9fccc0eb0b0c720f3cba3055fe994e8b36 | Triage

Sharing

General

Target

ab483d3172ebd65102bd8ceb751d9d9fccc0eb0b0c720f3cba3055fe994e8b36
Size

124KB
Sample

221202-x5v7kaah61
MD5

451b04c93bdf0b65820dae1f501f88d6
SHA1

5f04020ffdf2220692b9e1aef2639cdf6bb2f9bb
SHA256

ab483d3172ebd65102bd8ceb751d9d9fccc0eb0b0c720f3cba3055fe994e8b36
SHA512

9364f0199c6f087fb8f72301845458111f8728271c5c526bb53ecea3dc71aee678d7810bbfe418b798711cfbee00e1017bba42f76d6ce675296be85afbc1506e
SSDEEP

1536:L9ET4wRkEjuBxLDtVdHa27J14lWxporZ45izNeG0h/x:5ET4wR3kLt6gJ1uPt45Jp

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ab483d3172ebd65102bd8ceb751d9d9fccc0eb0b0c720f3cba3055fe994e8b36
- Size
  
  124KB
- MD5
  
  451b04c93bdf0b65820dae1f501f88d6
- SHA1
  
  5f04020ffdf2220692b9e1aef2639cdf6bb2f9bb
- SHA256
  
  ab483d3172ebd65102bd8ceb751d9d9fccc0eb0b0c720f3cba3055fe994e8b36
- SHA512
  
  9364f0199c6f087fb8f72301845458111f8728271c5c526bb53ecea3dc71aee678d7810bbfe418b798711cfbee00e1017bba42f76d6ce675296be85afbc1506e
- SSDEEP
  
  1536:L9ET4wRkEjuBxLDtVdHa27J14lWxporZ45izNeG0h/x:5ET4wR3kLt6gJ1uPt45Jp
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence