c50611155e452b04251d87ff87163176463a74c0eba10b12406abbc4ceb56e8b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c50611155e452b04251d87ff87163176463a74c0eba10b12406abbc4ceb56e8b
Size

228KB
Sample

221203-xvlv5sbh5x
MD5

85f92d12a7c38438e96d577fc5e1ec15
SHA1

3b3a596e90449e332495d831f9339f5de572f5df
SHA256

c50611155e452b04251d87ff87163176463a74c0eba10b12406abbc4ceb56e8b
SHA512

016c502fd3b88b04371ffd6fb84bf0d7bc0596e732a2d817d8a2297643b8a9499679f4524e3336107bd3c8c77bac5ba0429b60621aebdd902ce3eb4854660090
SSDEEP

6144:0kKqhXbU7akpWm0/mnn7ruTbio1We0xOodpBN1:m+LQpWm0/mnn7ruTbio1We0xOodpP1

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c50611155e452b04251d87ff87163176463a74c0eba10b12406abbc4ceb56e8b
- Size
  
  228KB
- MD5
  
  85f92d12a7c38438e96d577fc5e1ec15
- SHA1
  
  3b3a596e90449e332495d831f9339f5de572f5df
- SHA256
  
  c50611155e452b04251d87ff87163176463a74c0eba10b12406abbc4ceb56e8b
- SHA512
  
  016c502fd3b88b04371ffd6fb84bf0d7bc0596e732a2d817d8a2297643b8a9499679f4524e3336107bd3c8c77bac5ba0429b60621aebdd902ce3eb4854660090
- SSDEEP
  
  6144:0kKqhXbU7akpWm0/mnn7ruTbio1We0xOodpBN1:m+LQpWm0/mnn7ruTbio1We0xOodpP1
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence