c29007e2df838dca6e5b075394baa892245d4bb40cac43790973b47a344c4848 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c29007e2df838dca6e5b075394baa892245d4bb40cac43790973b47a344c4848
Size

60KB
Sample

221202-zxekysdg77
MD5

68c38d9780aaf8fa690ea08ddd8b93e4
SHA1

87e9d236ebb5b4a359d090b395f3787da5d4ebd6
SHA256

c29007e2df838dca6e5b075394baa892245d4bb40cac43790973b47a344c4848
SHA512

5abfc8152571bf2004467122341a09d2629b749d3c4a60307ea8cb70e1225b082d1d7be39eccdf3206aa20125b7ea6559c3f391513e0872b4df6310ce245fcdc
SSDEEP

768:oXbx1BM3YaWSk1egNvlP2D2n/z/D0lbdfs3OfKDHGqHg6WBzWcQ:oXP9aiUyZ2a/Dxg6WBzWcQ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c29007e2df838dca6e5b075394baa892245d4bb40cac43790973b47a344c4848
- Size
  
  60KB
- MD5
  
  68c38d9780aaf8fa690ea08ddd8b93e4
- SHA1
  
  87e9d236ebb5b4a359d090b395f3787da5d4ebd6
- SHA256
  
  c29007e2df838dca6e5b075394baa892245d4bb40cac43790973b47a344c4848
- SHA512
  
  5abfc8152571bf2004467122341a09d2629b749d3c4a60307ea8cb70e1225b082d1d7be39eccdf3206aa20125b7ea6559c3f391513e0872b4df6310ce245fcdc
- SSDEEP
  
  768:oXbx1BM3YaWSk1egNvlP2D2n/z/D0lbdfs3OfKDHGqHg6WBzWcQ:oXP9aiUyZ2a/Dxg6WBzWcQ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence