6352f4463c3fc42a32bbe6758b2b272fad99f1d979cd3742526e47b3d729f61f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6352f4463c3fc42a32bbe6758b2b272fad99f1d979cd3742526e47b3d729f61f
Size

140KB
Sample

221203-yd9rbaaa32
MD5

0fe38a686e9d02a5fe8e613b063ef590
SHA1

a010a83419f0e43eb292f679710f5db5c872c1c0
SHA256

6352f4463c3fc42a32bbe6758b2b272fad99f1d979cd3742526e47b3d729f61f
SHA512

3865866b615c0f18a36a662823ad22eb1dff70b06505dc646e3e77e930294f4057726a1013ffeb728be93f4bc6dfadd84fd724e2be69e96a93e27faadfdb0402
SSDEEP

3072:QBq7clSAY5uXq0cu3XMO4nZLJY0PoeU60ohKdlLWO7:QBqtAY5uXq0cu3XMO4nZLJPot60ohKdR

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6352f4463c3fc42a32bbe6758b2b272fad99f1d979cd3742526e47b3d729f61f
- Size
  
  140KB
- MD5
  
  0fe38a686e9d02a5fe8e613b063ef590
- SHA1
  
  a010a83419f0e43eb292f679710f5db5c872c1c0
- SHA256
  
  6352f4463c3fc42a32bbe6758b2b272fad99f1d979cd3742526e47b3d729f61f
- SHA512
  
  3865866b615c0f18a36a662823ad22eb1dff70b06505dc646e3e77e930294f4057726a1013ffeb728be93f4bc6dfadd84fd724e2be69e96a93e27faadfdb0402
- SSDEEP
  
  3072:QBq7clSAY5uXq0cu3XMO4nZLJY0PoeU60ohKdlLWO7:QBqtAY5uXq0cu3XMO4nZLJPot60ohKdR
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence