f21fc6884beb0bca9f6bc3d10817f8dfdd034e777ff1d55ecfa519442d986309 | Triage

Sharing

General

Target

f21fc6884beb0bca9f6bc3d10817f8dfdd034e777ff1d55ecfa519442d986309
Size

132KB
Sample

221203-txrbvsba5x
MD5

9ddd2616cae80f2ee6caffc1599a0343
SHA1

475747b1eda0a5aaf7a8858bbbfe2528f3c19738
SHA256

f21fc6884beb0bca9f6bc3d10817f8dfdd034e777ff1d55ecfa519442d986309
SHA512

80619d4fb83fcdb491cb4a1e13f0b7fcd3bc5f02f58b08bebe434a16d72b4cd7161013afbc00388fcdb06c3b2f4c18a400caa64273c7a44ebc3bf40f8342a6d6
SSDEEP

1536:NnxPUeTIhXFixXVG4e2JLBJ3Ue05znybzPe9jpwo7JaS/:7UeTIZFixFG4e1ybG1wQd

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f21fc6884beb0bca9f6bc3d10817f8dfdd034e777ff1d55ecfa519442d986309
- Size
  
  132KB
- MD5
  
  9ddd2616cae80f2ee6caffc1599a0343
- SHA1
  
  475747b1eda0a5aaf7a8858bbbfe2528f3c19738
- SHA256
  
  f21fc6884beb0bca9f6bc3d10817f8dfdd034e777ff1d55ecfa519442d986309
- SHA512
  
  80619d4fb83fcdb491cb4a1e13f0b7fcd3bc5f02f58b08bebe434a16d72b4cd7161013afbc00388fcdb06c3b2f4c18a400caa64273c7a44ebc3bf40f8342a6d6
- SSDEEP
  
  1536:NnxPUeTIhXFixXVG4e2JLBJ3Ue05znybzPe9jpwo7JaS/:7UeTIZFixFG4e1ybG1wQd
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence