c38b3d5c52602245bb1ee48fb2f2130edeae15b1167341c6a84d478225942385 | Triage

Sharing

General

Target

c38b3d5c52602245bb1ee48fb2f2130edeae15b1167341c6a84d478225942385
Size

118KB
Sample

221203-xvrrdsbh6y
MD5

5fee8ed219e81950ae495bca3cfaf690
SHA1

6ffc999aa912631a0f35f8eca5a122d87523cf95
SHA256

c38b3d5c52602245bb1ee48fb2f2130edeae15b1167341c6a84d478225942385
SHA512

55f78486f089ea64edaeb88e1d6b0a3913614f24e61171df70466d66de232f5cd68230f693411bc98de943267cddae5986063510b28665b7fb0ada17b63f50f7
SSDEEP

1536:3qbMlPOerdSQEKWNeSShDxuV5FJB4ds9G3RuMuFTuMup+aR2633ChDsj/pdoLOJt:8ordSQE9L5229G3S6Mal26nhj/eW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c38b3d5c52602245bb1ee48fb2f2130edeae15b1167341c6a84d478225942385
- Size
  
  118KB
- MD5
  
  5fee8ed219e81950ae495bca3cfaf690
- SHA1
  
  6ffc999aa912631a0f35f8eca5a122d87523cf95
- SHA256
  
  c38b3d5c52602245bb1ee48fb2f2130edeae15b1167341c6a84d478225942385
- SHA512
  
  55f78486f089ea64edaeb88e1d6b0a3913614f24e61171df70466d66de232f5cd68230f693411bc98de943267cddae5986063510b28665b7fb0ada17b63f50f7
- SSDEEP
  
  1536:3qbMlPOerdSQEKWNeSShDxuV5FJB4ds9G3RuMuFTuMup+aR2633ChDsj/pdoLOJt:8ordSQE9L5229G3S6Mal26nhj/eW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence