f95f65b4c42878fafc814f5eb1e62af3fe32cafbad6454b6d25743514b00c710 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f95f65b4c42878fafc814f5eb1e62af3fe32cafbad6454b6d25743514b00c710
Size

228KB
Sample

221203-y5d4qaga5y
MD5

f6c420a320965df5f7e766a73ede8934
SHA1

fae37b05788130bf67c7914e6c6626d9f0171385
SHA256

f95f65b4c42878fafc814f5eb1e62af3fe32cafbad6454b6d25743514b00c710
SHA512

afff016368be5e1d6e969c031eeb4a9faaa6876c909212e9cd5ee61370f30a10839ad917dc48773611342490f2060f3ea248366b2b63d0dcc4a0864b4a34d24c
SSDEEP

3072:eD64wfWRrIMNRlZ62Pal2LBJXmzOHm5WZ3K+MCa3FqTcWEyxeL2mDHLz/5L5DEr0:46zepp3PJXCOGY3eJ3FRFyMdL5DEr6Uq

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f95f65b4c42878fafc814f5eb1e62af3fe32cafbad6454b6d25743514b00c710
- Size
  
  228KB
- MD5
  
  f6c420a320965df5f7e766a73ede8934
- SHA1
  
  fae37b05788130bf67c7914e6c6626d9f0171385
- SHA256
  
  f95f65b4c42878fafc814f5eb1e62af3fe32cafbad6454b6d25743514b00c710
- SHA512
  
  afff016368be5e1d6e969c031eeb4a9faaa6876c909212e9cd5ee61370f30a10839ad917dc48773611342490f2060f3ea248366b2b63d0dcc4a0864b4a34d24c
- SSDEEP
  
  3072:eD64wfWRrIMNRlZ62Pal2LBJXmzOHm5WZ3K+MCa3FqTcWEyxeL2mDHLz/5L5DEr0:46zepp3PJXCOGY3eJ3FRFyMdL5DEr6Uq
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence