c986876554795ea2f993e79d06b33ac4e07cdde76d90e937a94fe502b3deeaee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c986876554795ea2f993e79d06b33ac4e07cdde76d90e937a94fe502b3deeaee
Size

156KB
Sample

221203-wgzdmsfe9x
MD5

83d4afe9147bf089e7128fb2eeffa623
SHA1

4541eec0c5e5279576de181e6f48bd4394a473d3
SHA256

c986876554795ea2f993e79d06b33ac4e07cdde76d90e937a94fe502b3deeaee
SHA512

006a9d86d55d3c4cd23f6298c2ee1db7b3d4502b00e6a4646305c971239b052b95e5014e53e7b8a0a4545e097de5936576c2fb579ab8f17bdc6eabe38f8ff58b
SSDEEP

3072:X0O2OWj5h3QKWXXWXG8FF7K+AmsgE5kEZZZy6x8z4oQZiEe29:7WjX3QKKXWFFF7KlgaS/WwI

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c986876554795ea2f993e79d06b33ac4e07cdde76d90e937a94fe502b3deeaee
- Size
  
  156KB
- MD5
  
  83d4afe9147bf089e7128fb2eeffa623
- SHA1
  
  4541eec0c5e5279576de181e6f48bd4394a473d3
- SHA256
  
  c986876554795ea2f993e79d06b33ac4e07cdde76d90e937a94fe502b3deeaee
- SHA512
  
  006a9d86d55d3c4cd23f6298c2ee1db7b3d4502b00e6a4646305c971239b052b95e5014e53e7b8a0a4545e097de5936576c2fb579ab8f17bdc6eabe38f8ff58b
- SSDEEP
  
  3072:X0O2OWj5h3QKWXXWXG8FF7K+AmsgE5kEZZZy6x8z4oQZiEe29:7WjX3QKKXWFFF7KlgaS/WwI
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence