b469fce9477dc74bcf096ead1bd639ea410a649033dd98da595faeb9198f4f86 | Triage

Sharing

General

Target

b469fce9477dc74bcf096ead1bd639ea410a649033dd98da595faeb9198f4f86
Size

260KB
Sample

221203-xxtnrsge65
MD5

6b44d414afcf789ba4bbb6aa681768a9
SHA1

ee80cabfb1f64c3d79bb1e47003324c073b8b20d
SHA256

b469fce9477dc74bcf096ead1bd639ea410a649033dd98da595faeb9198f4f86
SHA512

401b21d08ac645da52ce11d8d4e00ab6a169ea1fd04ad45b98c4f9a46cce71c11d93ef7686bfeaeb05f82462a2c44bda14a94826dbc42f88a3e1437363e9e612
SSDEEP

6144:hjOxrVG3zzyXcM9ZoxtoFIZ93Cv8A/DPPiZi6Y:CIzzyXcM9ZoxtoFIZ93Cv8A/DXaY

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b469fce9477dc74bcf096ead1bd639ea410a649033dd98da595faeb9198f4f86
- Size
  
  260KB
- MD5
  
  6b44d414afcf789ba4bbb6aa681768a9
- SHA1
  
  ee80cabfb1f64c3d79bb1e47003324c073b8b20d
- SHA256
  
  b469fce9477dc74bcf096ead1bd639ea410a649033dd98da595faeb9198f4f86
- SHA512
  
  401b21d08ac645da52ce11d8d4e00ab6a169ea1fd04ad45b98c4f9a46cce71c11d93ef7686bfeaeb05f82462a2c44bda14a94826dbc42f88a3e1437363e9e612
- SSDEEP
  
  6144:hjOxrVG3zzyXcM9ZoxtoFIZ93Cv8A/DPPiZi6Y:CIzzyXcM9ZoxtoFIZ93Cv8A/DXaY
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence