151df0192ce1c9eae55e6628fa98cb9d3338cfaa6f76a2c4129bae4b05370e99 | Triage

Sharing

General

Target

151df0192ce1c9eae55e6628fa98cb9d3338cfaa6f76a2c4129bae4b05370e99
Size

116KB
Sample

221202-x7dejabb2t
MD5

bc8d24faa494bbb0375582ff05f2e696
SHA1

806ec20eb888f25b59a2bda033db3d48130b6749
SHA256

151df0192ce1c9eae55e6628fa98cb9d3338cfaa6f76a2c4129bae4b05370e99
SHA512

781f4fad9b1e8163a9febaa1723ca4a9c320e9685a96a0c376807f11f51bed24366e57de295a304279251c2b513d29110cd49eccab0f072f0eda8e56ef6c68ea
SSDEEP

3072:C0T94Xnr99Rx7D/ONLd01eWkVkMfwhHX0WRVf:7Z477D2NLd01eWkVkMfwhHEWRF

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  151df0192ce1c9eae55e6628fa98cb9d3338cfaa6f76a2c4129bae4b05370e99
- Size
  
  116KB
- MD5
  
  bc8d24faa494bbb0375582ff05f2e696
- SHA1
  
  806ec20eb888f25b59a2bda033db3d48130b6749
- SHA256
  
  151df0192ce1c9eae55e6628fa98cb9d3338cfaa6f76a2c4129bae4b05370e99
- SHA512
  
  781f4fad9b1e8163a9febaa1723ca4a9c320e9685a96a0c376807f11f51bed24366e57de295a304279251c2b513d29110cd49eccab0f072f0eda8e56ef6c68ea
- SSDEEP
  
  3072:C0T94Xnr99Rx7D/ONLd01eWkVkMfwhHX0WRVf:7Z477D2NLd01eWkVkMfwhHEWRF
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence