92504e0045960e9bc4f796fd49532b8b3d20d842fb5a97c206830b1efd3c58d3 | Triage

Sharing

General

Target

92504e0045960e9bc4f796fd49532b8b3d20d842fb5a97c206830b1efd3c58d3
Size

148KB
Sample

221203-x2q4face3z
MD5

16c2191faccb5da9f13925b15e107700
SHA1

f2025313a26adc5cfb62d0e89d3eae7e6862cc1d
SHA256

92504e0045960e9bc4f796fd49532b8b3d20d842fb5a97c206830b1efd3c58d3
SHA512

6b3f8d3edbcb580a34918d634eea6c85f03da67e9ae089bfce855ab40eaa4acf55c5870dfe7629e017c3ba7a71459e15b982408cc39efaf1d19e949729ab68d4
SSDEEP

1536:qz3xU6wWnlhXcro1XxcGqABdFkouQ1KeCrhzra78rBkqhpMK/vIqXIVFSQaq9iKR:1SlRcro1XaGBBQo1MHksqqXIVFSQrK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  92504e0045960e9bc4f796fd49532b8b3d20d842fb5a97c206830b1efd3c58d3
- Size
  
  148KB
- MD5
  
  16c2191faccb5da9f13925b15e107700
- SHA1
  
  f2025313a26adc5cfb62d0e89d3eae7e6862cc1d
- SHA256
  
  92504e0045960e9bc4f796fd49532b8b3d20d842fb5a97c206830b1efd3c58d3
- SHA512
  
  6b3f8d3edbcb580a34918d634eea6c85f03da67e9ae089bfce855ab40eaa4acf55c5870dfe7629e017c3ba7a71459e15b982408cc39efaf1d19e949729ab68d4
- SSDEEP
  
  1536:qz3xU6wWnlhXcro1XxcGqABdFkouQ1KeCrhzra78rBkqhpMK/vIqXIVFSQaq9iKR:1SlRcro1XaGBBQo1MHksqqXIVFSQrK
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence