a5cf15847b9612fac553d2ae0e92dfd82be547582301169a6d520851ece6db53 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a5cf15847b9612fac553d2ae0e92dfd82be547582301169a6d520851ece6db53
Size

132KB
Sample

221203-txvdhsba6v
MD5

a2392a6200529fc9bd1ffc2aabecd396
SHA1

26464e8b0e85499ef74fedc9c8aaf88b0566e359
SHA256

a5cf15847b9612fac553d2ae0e92dfd82be547582301169a6d520851ece6db53
SHA512

cc9b5043bb2b38d62bc467b3b1895cc2ffdd465f6655c7e390e12b15954878449231d0e11f21d9683a8a255a989b6a377a8c4151a68f2141a62ecf0fb5b55862
SSDEEP

1536:FGxPZeTIA1XFixXVG4e2JLBJ3Ue05znybzPe9jRwo7JaS1:yZeTI+FixFG4e1ybGtwQL

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a5cf15847b9612fac553d2ae0e92dfd82be547582301169a6d520851ece6db53
- Size
  
  132KB
- MD5
  
  a2392a6200529fc9bd1ffc2aabecd396
- SHA1
  
  26464e8b0e85499ef74fedc9c8aaf88b0566e359
- SHA256
  
  a5cf15847b9612fac553d2ae0e92dfd82be547582301169a6d520851ece6db53
- SHA512
  
  cc9b5043bb2b38d62bc467b3b1895cc2ffdd465f6655c7e390e12b15954878449231d0e11f21d9683a8a255a989b6a377a8c4151a68f2141a62ecf0fb5b55862
- SSDEEP
  
  1536:FGxPZeTIA1XFixXVG4e2JLBJ3Ue05znybzPe9jRwo7JaS1:yZeTI+FixFG4e1ybGtwQL
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence