52d3c27a1d45d085de931fe907d0da448bc7449d1536794f8a21427514c813ae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52d3c27a1d45d085de931fe907d0da448bc7449d1536794f8a21427514c813ae
Size

336KB
Sample

221203-yf6sfadh5w
MD5

ec147176eeac4184773575fe3c7c11b5
SHA1

347ba1f5559668925547b7851207f8280f31549e
SHA256

52d3c27a1d45d085de931fe907d0da448bc7449d1536794f8a21427514c813ae
SHA512

0410cfcaa11a787fc7424166ed3a4b7870ad72d3e82a92835991256ead55c7a6a781971945103f538732d60e15e40f664ee224a32bee014900213f1f5ed6bc5a
SSDEEP

6144:mygkzvh+RltuYb4NEzrVCU8TCOqHaC6Y6EX+mnqcXZWgbp1GOJ:cIYRltF4NEzrVCU8Tzq6C6Y6EX+mqcX9

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  52d3c27a1d45d085de931fe907d0da448bc7449d1536794f8a21427514c813ae
- Size
  
  336KB
- MD5
  
  ec147176eeac4184773575fe3c7c11b5
- SHA1
  
  347ba1f5559668925547b7851207f8280f31549e
- SHA256
  
  52d3c27a1d45d085de931fe907d0da448bc7449d1536794f8a21427514c813ae
- SHA512
  
  0410cfcaa11a787fc7424166ed3a4b7870ad72d3e82a92835991256ead55c7a6a781971945103f538732d60e15e40f664ee224a32bee014900213f1f5ed6bc5a
- SSDEEP
  
  6144:mygkzvh+RltuYb4NEzrVCU8TCOqHaC6Y6EX+mnqcXZWgbp1GOJ:cIYRltF4NEzrVCU8Tzq6C6Y6EX+mqcX9
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence