9cb77fab3a0a95088005713248d4d043485a9191bacb53550a81cf2441d16cbc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9cb77fab3a0a95088005713248d4d043485a9191bacb53550a81cf2441d16cbc
Size

96KB
Sample

221203-ycdx9ade3v
MD5

2786caf3e00d6dc300bab414850f54c0
SHA1

32e9c563582e5ba2e1062231ae5b05fa283708cf
SHA256

9cb77fab3a0a95088005713248d4d043485a9191bacb53550a81cf2441d16cbc
SHA512

35567d90d2097bcb1c3562b91e2d9ecc6b3cfbd59244a46bacb39781315c368e81d6d4c5c021dd2290d647bc5d71fc0131e531c6121f4b17d594ca4ce7c51c9d
SSDEEP

1536:UAEg52WbtyVQO8PXychowjj3RJEEo/k3gzinynEkRldUEPjlijOevNIjN:FE/WUOychlzRqEkMCRld8vCN

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9cb77fab3a0a95088005713248d4d043485a9191bacb53550a81cf2441d16cbc
- Size
  
  96KB
- MD5
  
  2786caf3e00d6dc300bab414850f54c0
- SHA1
  
  32e9c563582e5ba2e1062231ae5b05fa283708cf
- SHA256
  
  9cb77fab3a0a95088005713248d4d043485a9191bacb53550a81cf2441d16cbc
- SHA512
  
  35567d90d2097bcb1c3562b91e2d9ecc6b3cfbd59244a46bacb39781315c368e81d6d4c5c021dd2290d647bc5d71fc0131e531c6121f4b17d594ca4ce7c51c9d
- SSDEEP
  
  1536:UAEg52WbtyVQO8PXychowjj3RJEEo/k3gzinynEkRldUEPjlijOevNIjN:FE/WUOychlzRqEkMCRld8vCN
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence