916fd2a933b2a8a0e166c8e2caf8bd4015c71f8797b45731f1ffddd1e09edb47 | Triage

Sharing

General

Target

916fd2a933b2a8a0e166c8e2caf8bd4015c71f8797b45731f1ffddd1e09edb47
Size

156KB
Sample

221203-vzld3aae56
MD5

9131f9599055a22c6a2bbc35a91c5dea
SHA1

04fdc576e54c9291824321d2cfc077dcd2ea8110
SHA256

916fd2a933b2a8a0e166c8e2caf8bd4015c71f8797b45731f1ffddd1e09edb47
SHA512

da3c197b38da26f09f8926dbeb031c7f1a4a2504064c2ed055f49da4cfb8a997b9a2da2342ba012bf4287dfe3defb0249f174019c2d8298f9ebacf1b1754061a
SSDEEP

3072:EGoe5g+GwD8w2+d5bWIrJ4E5n41sSLeH8ozK/d/18Ulyc4oQZiE1Q:E2WIrJ4E5n41pVN/jh7WA

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  916fd2a933b2a8a0e166c8e2caf8bd4015c71f8797b45731f1ffddd1e09edb47
- Size
  
  156KB
- MD5
  
  9131f9599055a22c6a2bbc35a91c5dea
- SHA1
  
  04fdc576e54c9291824321d2cfc077dcd2ea8110
- SHA256
  
  916fd2a933b2a8a0e166c8e2caf8bd4015c71f8797b45731f1ffddd1e09edb47
- SHA512
  
  da3c197b38da26f09f8926dbeb031c7f1a4a2504064c2ed055f49da4cfb8a997b9a2da2342ba012bf4287dfe3defb0249f174019c2d8298f9ebacf1b1754061a
- SSDEEP
  
  3072:EGoe5g+GwD8w2+d5bWIrJ4E5n41sSLeH8ozK/d/18Ulyc4oQZiE1Q:E2WIrJ4E5n41pVN/jh7WA
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence