88b706949ba5a180d20e8b4291bd2de98b87f62bfe8a74181ebe8f533dddd91e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

88b706949ba5a180d20e8b4291bd2de98b87f62bfe8a74181ebe8f533dddd91e
Size

232KB
Sample

221203-x3km2sce8y
MD5

0b567b9b3e501cc33378112d785d3f1b
SHA1

512cf0c8a070d24f8c14f40f235b7b3c7b89be0c
SHA256

88b706949ba5a180d20e8b4291bd2de98b87f62bfe8a74181ebe8f533dddd91e
SHA512

51b8109fbb9ad6e71fea9621d64b858373d92f646e088700605b71fec6d8cefc90c34a68cb198e64284ee6c0517ce3793e0612289cccd6c9f06240da3303e88e
SSDEEP

6144:y23PFKs78g2KyEOaWEqxF6snji81RUinKdNObY:/Ph+mF9

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  88b706949ba5a180d20e8b4291bd2de98b87f62bfe8a74181ebe8f533dddd91e
- Size
  
  232KB
- MD5
  
  0b567b9b3e501cc33378112d785d3f1b
- SHA1
  
  512cf0c8a070d24f8c14f40f235b7b3c7b89be0c
- SHA256
  
  88b706949ba5a180d20e8b4291bd2de98b87f62bfe8a74181ebe8f533dddd91e
- SHA512
  
  51b8109fbb9ad6e71fea9621d64b858373d92f646e088700605b71fec6d8cefc90c34a68cb198e64284ee6c0517ce3793e0612289cccd6c9f06240da3303e88e
- SSDEEP
  
  6144:y23PFKs78g2KyEOaWEqxF6snji81RUinKdNObY:/Ph+mF9
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence