da028a70a39dbb2c91070217caae1f7492098044bdf16cab731d0561431debd7 | Triage

Sharing

General

Target

da028a70a39dbb2c91070217caae1f7492098044bdf16cab731d0561431debd7
Size

146KB
Sample

221203-bx49lsdb77
MD5

69deca7133faca62d202417c033ad090
SHA1

d995602693b79ac012509927dc99eae1f56034ff
SHA256

da028a70a39dbb2c91070217caae1f7492098044bdf16cab731d0561431debd7
SHA512

a9a0832f2cdab15a0b139c91233a1816633d020f9ba3e51a705aa87485b241d243a98dd8ad29b7a5c9358c674288e967a028c737d6a0ee8df6e6792b72a45554
SSDEEP

3072:eZo6/nryC3uv2n4pSKtloIkk/FF9lA1Uf/Z4:en2g4MWloxkrZ/i

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  da028a70a39dbb2c91070217caae1f7492098044bdf16cab731d0561431debd7
- Size
  
  146KB
- MD5
  
  69deca7133faca62d202417c033ad090
- SHA1
  
  d995602693b79ac012509927dc99eae1f56034ff
- SHA256
  
  da028a70a39dbb2c91070217caae1f7492098044bdf16cab731d0561431debd7
- SHA512
  
  a9a0832f2cdab15a0b139c91233a1816633d020f9ba3e51a705aa87485b241d243a98dd8ad29b7a5c9358c674288e967a028c737d6a0ee8df6e6792b72a45554
- SSDEEP
  
  3072:eZo6/nryC3uv2n4pSKtloIkk/FF9lA1Uf/Z4:en2g4MWloxkrZ/i
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence