50563068eccf62f884fda0cea3236f5aab488772b9cfcadde28492c338ba9617 | Triage

Sharing

General

Target

50563068eccf62f884fda0cea3236f5aab488772b9cfcadde28492c338ba9617
Size

184KB
Sample

221203-x6bvbacg7y
MD5

286ecb4a7f76131d2d9438818cd56050
SHA1

596c8b6f9f025a6fa0f73fb85b06587c15a2a685
SHA256

50563068eccf62f884fda0cea3236f5aab488772b9cfcadde28492c338ba9617
SHA512

5d6330bf4e00d000cd0642746597c80f9c73a4b62f33915b0c659bd00e8e043fc6b342beb3293d344a74b60310ad6592db29a446ab9448ca60819a773c70b072
SSDEEP

3072:E3e3irjob64QDLw4fUbaxoOGM7J0Z4y1oEc2xtq1cy4aqosAm+w90ZC4:O9c4egCby4aqosAm+w90z

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  50563068eccf62f884fda0cea3236f5aab488772b9cfcadde28492c338ba9617
- Size
  
  184KB
- MD5
  
  286ecb4a7f76131d2d9438818cd56050
- SHA1
  
  596c8b6f9f025a6fa0f73fb85b06587c15a2a685
- SHA256
  
  50563068eccf62f884fda0cea3236f5aab488772b9cfcadde28492c338ba9617
- SHA512
  
  5d6330bf4e00d000cd0642746597c80f9c73a4b62f33915b0c659bd00e8e043fc6b342beb3293d344a74b60310ad6592db29a446ab9448ca60819a773c70b072
- SSDEEP
  
  3072:E3e3irjob64QDLw4fUbaxoOGM7J0Z4y1oEc2xtq1cy4aqosAm+w90ZC4:O9c4egCby4aqosAm+w90z
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence