ac374876d8f1d34a29f1aa0dd718c806295f3ab1a6a1978995a999915bae06cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ac374876d8f1d34a29f1aa0dd718c806295f3ab1a6a1978995a999915bae06cc
Size

248KB
Sample

221203-ydtp4ahh84
MD5

afa453af9ae76b0c9b63f3c8540aca14
SHA1

ac5051487bb0a846780202b13aa632121447b9fc
SHA256

ac374876d8f1d34a29f1aa0dd718c806295f3ab1a6a1978995a999915bae06cc
SHA512

093bc5759b5329c1f3fb627a6eab01b8db21d917da23ec737ad5b6d0ce92f1d002aac998e5b437f666581b8967726223d3e3a82e4d9105490a2dce86929cf378
SSDEEP

6144:eL+VQHyyUf9dP9LAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39Rb:eLGyUf9oRKlqgErIsKnPmb7/jWa1e+5W

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ac374876d8f1d34a29f1aa0dd718c806295f3ab1a6a1978995a999915bae06cc
- Size
  
  248KB
- MD5
  
  afa453af9ae76b0c9b63f3c8540aca14
- SHA1
  
  ac5051487bb0a846780202b13aa632121447b9fc
- SHA256
  
  ac374876d8f1d34a29f1aa0dd718c806295f3ab1a6a1978995a999915bae06cc
- SHA512
  
  093bc5759b5329c1f3fb627a6eab01b8db21d917da23ec737ad5b6d0ce92f1d002aac998e5b437f666581b8967726223d3e3a82e4d9105490a2dce86929cf378
- SSDEEP
  
  6144:eL+VQHyyUf9dP9LAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39Rb:eLGyUf9oRKlqgErIsKnPmb7/jWa1e+5W
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence