c1f3cb71eca0214e7f55cd13ca65e9d6e1185c3b6f1699672ecc86c327c77188 | Triage

Sharing

General

Target

c1f3cb71eca0214e7f55cd13ca65e9d6e1185c3b6f1699672ecc86c327c77188
Size

48KB
Sample

221203-2d7hqsfa2z
MD5

fc39f6fdb793392a98586d104586fbdb
SHA1

aea00aeeaef0804eee3a6db282a2da7fb843a927
SHA256

c1f3cb71eca0214e7f55cd13ca65e9d6e1185c3b6f1699672ecc86c327c77188
SHA512

3711c85e08d22e02608c47a7e29865f6bdef4fd27f1731f0e024378a5e80dd8b211ee7daa81b67903260e7dafd7fc525c46114a2883e883785b80bb22f8145de
SSDEEP

768:0zEJbJ6hRGN+lpalWtgTVH7NHaurxmWXOQfwoObuPb77e0:0zEqRza0ml5lXAoO+H79

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c1f3cb71eca0214e7f55cd13ca65e9d6e1185c3b6f1699672ecc86c327c77188
- Size
  
  48KB
- MD5
  
  fc39f6fdb793392a98586d104586fbdb
- SHA1
  
  aea00aeeaef0804eee3a6db282a2da7fb843a927
- SHA256
  
  c1f3cb71eca0214e7f55cd13ca65e9d6e1185c3b6f1699672ecc86c327c77188
- SHA512
  
  3711c85e08d22e02608c47a7e29865f6bdef4fd27f1731f0e024378a5e80dd8b211ee7daa81b67903260e7dafd7fc525c46114a2883e883785b80bb22f8145de
- SSDEEP
  
  768:0zEJbJ6hRGN+lpalWtgTVH7NHaurxmWXOQfwoObuPb77e0:0zEqRza0ml5lXAoO+H79
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence