a66d56a75eb5cbd1484e35bde4e3bbc1c5e155fc281d622a898c1259bddcd7f3 | Triage

Sharing

General

Target

a66d56a75eb5cbd1484e35bde4e3bbc1c5e155fc281d622a898c1259bddcd7f3
Size

248KB
Sample

221203-ydxfzshh89
MD5

7bbdee8c5e095cbc13845361bc182a86
SHA1

5d3dc3d6323252b6424ac05676b239ba47ee1fdf
SHA256

a66d56a75eb5cbd1484e35bde4e3bbc1c5e155fc281d622a898c1259bddcd7f3
SHA512

c8de443263cf659aa884e47240e7e7f2bfb497958ad89cf04f3851b36727db1d3581d1282e2feb753b29bf7657b1a8ab7e2918079d7ec61153e7f95731eafaed
SSDEEP

6144:DsLVQGryyUf9dgAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39RWt:DsQyUf9DRKlqgErIsKnPmb7/jWa1e+5h

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a66d56a75eb5cbd1484e35bde4e3bbc1c5e155fc281d622a898c1259bddcd7f3
- Size
  
  248KB
- MD5
  
  7bbdee8c5e095cbc13845361bc182a86
- SHA1
  
  5d3dc3d6323252b6424ac05676b239ba47ee1fdf
- SHA256
  
  a66d56a75eb5cbd1484e35bde4e3bbc1c5e155fc281d622a898c1259bddcd7f3
- SHA512
  
  c8de443263cf659aa884e47240e7e7f2bfb497958ad89cf04f3851b36727db1d3581d1282e2feb753b29bf7657b1a8ab7e2918079d7ec61153e7f95731eafaed
- SSDEEP
  
  6144:DsLVQGryyUf9dgAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39RWt:DsQyUf9DRKlqgErIsKnPmb7/jWa1e+5h
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence