9912bfd7382e5c5b43c8bfa6f7c4c4c0a45024c4f5a1b54576c1eaaa8809df33 | Triage

Sharing

General

Target

9912bfd7382e5c5b43c8bfa6f7c4c4c0a45024c4f5a1b54576c1eaaa8809df33
Size

232KB
Sample

221203-ykt97sae48
MD5

0515139f0fa661048923e161f580e3c1
SHA1

190258180eaf608492c1a18879b629c7676d5098
SHA256

9912bfd7382e5c5b43c8bfa6f7c4c4c0a45024c4f5a1b54576c1eaaa8809df33
SHA512

52e2113016966af692c1e8e289546e29893c008ca47741f5a0708a03fae1101d2939a77fe01dda6f63e20cb8b8b2ee6515c561fd406af82d8b9ac9a8ba11b8f1
SSDEEP

3072:GtAKE9tH8lsakNWYCs5fDF4LJSImbV8UvR77D9G5UEDVR/bwutUqQJ8by3:G0tHzbF4NN28UJ77hGGED/bbJb+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9912bfd7382e5c5b43c8bfa6f7c4c4c0a45024c4f5a1b54576c1eaaa8809df33
- Size
  
  232KB
- MD5
  
  0515139f0fa661048923e161f580e3c1
- SHA1
  
  190258180eaf608492c1a18879b629c7676d5098
- SHA256
  
  9912bfd7382e5c5b43c8bfa6f7c4c4c0a45024c4f5a1b54576c1eaaa8809df33
- SHA512
  
  52e2113016966af692c1e8e289546e29893c008ca47741f5a0708a03fae1101d2939a77fe01dda6f63e20cb8b8b2ee6515c561fd406af82d8b9ac9a8ba11b8f1
- SSDEEP
  
  3072:GtAKE9tH8lsakNWYCs5fDF4LJSImbV8UvR77D9G5UEDVR/bwutUqQJ8by3:G0tHzbF4NN28UJ77hGGED/bbJb+
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence