99982e8f4d38a93561818bd48a32456babd2770689f4f6d05f4c45b87a4c119f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

99982e8f4d38a93561818bd48a32456babd2770689f4f6d05f4c45b87a4c119f
Size

100KB
Sample

221203-tx7nvaff44
MD5

93dd7eae2854f14eae47fcc73019e5e2
SHA1

8d9e6d29f149d4dc4a71207376673de3b6f478cd
SHA256

99982e8f4d38a93561818bd48a32456babd2770689f4f6d05f4c45b87a4c119f
SHA512

13df03b2a8ce4e56c548d711a13523cd7a19711fde577b0eccec63f191fb55b4d24208294730ef04c9704bfd3ade2d706025454fedfa696789bda10240b0e7f9
SSDEEP

1536:45W4cX220mQoxJKIRGWcOUP7vXArnY1ZqAefzyes5NIjnZmR:uMQ7NAfzyeuCnQR

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  99982e8f4d38a93561818bd48a32456babd2770689f4f6d05f4c45b87a4c119f
- Size
  
  100KB
- MD5
  
  93dd7eae2854f14eae47fcc73019e5e2
- SHA1
  
  8d9e6d29f149d4dc4a71207376673de3b6f478cd
- SHA256
  
  99982e8f4d38a93561818bd48a32456babd2770689f4f6d05f4c45b87a4c119f
- SHA512
  
  13df03b2a8ce4e56c548d711a13523cd7a19711fde577b0eccec63f191fb55b4d24208294730ef04c9704bfd3ade2d706025454fedfa696789bda10240b0e7f9
- SSDEEP
  
  1536:45W4cX220mQoxJKIRGWcOUP7vXArnY1ZqAefzyes5NIjnZmR:uMQ7NAfzyeuCnQR
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence