a923b0170608fdf712e142cae953964fb756671a7622f53a7d2bc8c398dde23a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a923b0170608fdf712e142cae953964fb756671a7622f53a7d2bc8c398dde23a
Size

216KB
Sample

221203-xy6pqagf73
MD5

cc2b5080264a6e70c46829f025d45ad2
SHA1

6f2e9de97117659df7a40a63b44e33b79aa4b46d
SHA256

a923b0170608fdf712e142cae953964fb756671a7622f53a7d2bc8c398dde23a
SHA512

2962372a3ac51c37f78ef11c49dc5de1ed0eb11f28da8775236ffeab3f896043a2800421d4477e25b412046e08fcdc1348456d07a6d07af3e29d1bb51f2694c9
SSDEEP

6144:fyhrbA1x5PZZKnvmb7/D26g4upEoadEXUqgaWLIg7gd:OA1x5PZZKnvmb7/D26GadEXUqgQg7gd

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a923b0170608fdf712e142cae953964fb756671a7622f53a7d2bc8c398dde23a
- Size
  
  216KB
- MD5
  
  cc2b5080264a6e70c46829f025d45ad2
- SHA1
  
  6f2e9de97117659df7a40a63b44e33b79aa4b46d
- SHA256
  
  a923b0170608fdf712e142cae953964fb756671a7622f53a7d2bc8c398dde23a
- SHA512
  
  2962372a3ac51c37f78ef11c49dc5de1ed0eb11f28da8775236ffeab3f896043a2800421d4477e25b412046e08fcdc1348456d07a6d07af3e29d1bb51f2694c9
- SSDEEP
  
  6144:fyhrbA1x5PZZKnvmb7/D26g4upEoadEXUqgaWLIg7gd:OA1x5PZZKnvmb7/D26GadEXUqgQg7gd
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence