3521d24fa0a5f01d4f4e28cd71064eca42ce73992789f219d83412b9e85f7de7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3521d24fa0a5f01d4f4e28cd71064eca42ce73992789f219d83412b9e85f7de7
Size

156KB
Sample

221203-x69fksch6v
MD5

05fd2e3ab3fbc2dee668a824b5f34b60
SHA1

c43bf607c9ffd1772130c6193a98e6d44ef4e2b8
SHA256

3521d24fa0a5f01d4f4e28cd71064eca42ce73992789f219d83412b9e85f7de7
SHA512

57025fa99ca8273e11189cb5142390483d662d58298a4c5a71c1a7d11f49184afc484d0f24c5a228d9e8e0cc13fd3d32f665efadfb3c1c99e703396a67e3c6d1
SSDEEP

3072:9hBU1vvf963zW2FFWj8mXXvNrkUpBdasFhSFJmoq2vXqkyzGsNry9/9P9w9BVgI/:BU1vvf963zW2FFWImXXvNrkUpBdasFhH

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3521d24fa0a5f01d4f4e28cd71064eca42ce73992789f219d83412b9e85f7de7
- Size
  
  156KB
- MD5
  
  05fd2e3ab3fbc2dee668a824b5f34b60
- SHA1
  
  c43bf607c9ffd1772130c6193a98e6d44ef4e2b8
- SHA256
  
  3521d24fa0a5f01d4f4e28cd71064eca42ce73992789f219d83412b9e85f7de7
- SHA512
  
  57025fa99ca8273e11189cb5142390483d662d58298a4c5a71c1a7d11f49184afc484d0f24c5a228d9e8e0cc13fd3d32f665efadfb3c1c99e703396a67e3c6d1
- SSDEEP
  
  3072:9hBU1vvf963zW2FFWj8mXXvNrkUpBdasFhSFJmoq2vXqkyzGsNry9/9P9w9BVgI/:BU1vvf963zW2FFWImXXvNrkUpBdasFhH
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence