a3bf8e32d300c8c6b7901eef3dcc82e47ca168336a91e8f1731d9f7ddba19c43 | Triage

Sharing

General

Target

a3bf8e32d300c8c6b7901eef3dcc82e47ca168336a91e8f1731d9f7ddba19c43
Size

63KB
Sample

221203-y5nm6acc74
MD5

1fe85158282000e20534413acbce8e30
SHA1

54a34e0d87119f55d7c14f6a88003882612918fe
SHA256

a3bf8e32d300c8c6b7901eef3dcc82e47ca168336a91e8f1731d9f7ddba19c43
SHA512

88753a4b9a0b8a67dd67b8353f29649a0dea3913ccabd88d2923515ac892b6ebf0e48016771de710ecdb7fdd3a8e2ec8ab384bc792366c00bcda1fa7dd7cc8a2
SSDEEP

768:TOfEWgIYBoJeQylDUV8NUIu0oWsV1qaZIp/Bj7YcRpaSOovHYxtxdvO:S+z1lMzGs1stvHYxtH2

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a3bf8e32d300c8c6b7901eef3dcc82e47ca168336a91e8f1731d9f7ddba19c43
- Size
  
  63KB
- MD5
  
  1fe85158282000e20534413acbce8e30
- SHA1
  
  54a34e0d87119f55d7c14f6a88003882612918fe
- SHA256
  
  a3bf8e32d300c8c6b7901eef3dcc82e47ca168336a91e8f1731d9f7ddba19c43
- SHA512
  
  88753a4b9a0b8a67dd67b8353f29649a0dea3913ccabd88d2923515ac892b6ebf0e48016771de710ecdb7fdd3a8e2ec8ab384bc792366c00bcda1fa7dd7cc8a2
- SSDEEP
  
  768:TOfEWgIYBoJeQylDUV8NUIu0oWsV1qaZIp/Bj7YcRpaSOovHYxtxdvO:S+z1lMzGs1stvHYxtH2
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence