f6027539865851b8706d97a7760e2325aa6347868456a51305a7323c82639e52 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6027539865851b8706d97a7760e2325aa6347868456a51305a7323c82639e52
Size

248KB
Sample

221203-yda8radf2s
MD5

133ec5029e3e60587626ab810eab4d2c
SHA1

48363d5a4d18994d8ccbe355ca22acf25c5cb4ae
SHA256

f6027539865851b8706d97a7760e2325aa6347868456a51305a7323c82639e52
SHA512

1ffc19927e7ea11f4b142aafca3e26c187aed816f2e1e47a2485f564c211e910a100b9173c563a7a0113d56305944cf64cd0689c48e4355d42a853dbfa07c0c1
SSDEEP

6144:ncrVQYyyUf9dgAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39RWyE:ncQyUf9DRKlqgErIsKnPmb7/jWa1e+5F

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f6027539865851b8706d97a7760e2325aa6347868456a51305a7323c82639e52
- Size
  
  248KB
- MD5
  
  133ec5029e3e60587626ab810eab4d2c
- SHA1
  
  48363d5a4d18994d8ccbe355ca22acf25c5cb4ae
- SHA256
  
  f6027539865851b8706d97a7760e2325aa6347868456a51305a7323c82639e52
- SHA512
  
  1ffc19927e7ea11f4b142aafca3e26c187aed816f2e1e47a2485f564c211e910a100b9173c563a7a0113d56305944cf64cd0689c48e4355d42a853dbfa07c0c1
- SSDEEP
  
  6144:ncrVQYyyUf9dgAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39RWyE:ncQyUf9DRKlqgErIsKnPmb7/jWa1e+5F
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence