ca8d68217a7b46e415c98edd29c489ea80acdf95c945b00a7707e2428f1ca078 | Triage

Sharing

General

Target

ca8d68217a7b46e415c98edd29c489ea80acdf95c945b00a7707e2428f1ca078
Size

100KB
Sample

221202-z95ynseh95
MD5

f6f1b3aaeab14cd49e73e3edadab9cf7
SHA1

bad70183a7746621c8b7bd0e5ca9da2b9b841a79
SHA256

ca8d68217a7b46e415c98edd29c489ea80acdf95c945b00a7707e2428f1ca078
SHA512

2f1c82f51d71529e2b2ba5d92b92cc665cf7ada38e5862faec2b2673df0f7cedb3c60715a2aee3f24ee98552a568f911343570c91ff0164a088834296db28bd9
SSDEEP

1536:nltGO82NTzwUMGAc4ohrPXo+73Rez8b0SyuNIjnZq:3wjurPX7CuCnY

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ca8d68217a7b46e415c98edd29c489ea80acdf95c945b00a7707e2428f1ca078
- Size
  
  100KB
- MD5
  
  f6f1b3aaeab14cd49e73e3edadab9cf7
- SHA1
  
  bad70183a7746621c8b7bd0e5ca9da2b9b841a79
- SHA256
  
  ca8d68217a7b46e415c98edd29c489ea80acdf95c945b00a7707e2428f1ca078
- SHA512
  
  2f1c82f51d71529e2b2ba5d92b92cc665cf7ada38e5862faec2b2673df0f7cedb3c60715a2aee3f24ee98552a568f911343570c91ff0164a088834296db28bd9
- SSDEEP
  
  1536:nltGO82NTzwUMGAc4ohrPXo+73Rez8b0SyuNIjnZq:3wjurPX7CuCnY
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence