02c57b6c3ef2c319f6f82e855400a5d5891e5bc187161f11aa985003727b874b | Triage

Sharing

General

Target

02c57b6c3ef2c319f6f82e855400a5d5891e5bc187161f11aa985003727b874b
Size

240KB
Sample

221202-zxaxrsdg66
MD5

f75dcfd3c312d8cbed4f3a2d765b4882
SHA1

5a605f179baa2fd58b0f37065839b5c16f82455d
SHA256

02c57b6c3ef2c319f6f82e855400a5d5891e5bc187161f11aa985003727b874b
SHA512

55902edd1a72f830e855c357f38f8768c77ba4e31d2e4552ac2e3139d531c33ae69da08f67da0525b35f146b5a9b3c8abecc93c4200111f0e572c96a481cbab4
SSDEEP

6144:koJ5UtO7RQjX7XN1kd9JbSDviiopNDa/N08i1/W:I4xNTW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  02c57b6c3ef2c319f6f82e855400a5d5891e5bc187161f11aa985003727b874b
- Size
  
  240KB
- MD5
  
  f75dcfd3c312d8cbed4f3a2d765b4882
- SHA1
  
  5a605f179baa2fd58b0f37065839b5c16f82455d
- SHA256
  
  02c57b6c3ef2c319f6f82e855400a5d5891e5bc187161f11aa985003727b874b
- SHA512
  
  55902edd1a72f830e855c357f38f8768c77ba4e31d2e4552ac2e3139d531c33ae69da08f67da0525b35f146b5a9b3c8abecc93c4200111f0e572c96a481cbab4
- SSDEEP
  
  6144:koJ5UtO7RQjX7XN1kd9JbSDviiopNDa/N08i1/W:I4xNTW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence