10472c849dd3611abc4345280aa1be9a39ed4a1ec899f4a2d55c6aacdf0bdc3d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10472c849dd3611abc4345280aa1be9a39ed4a1ec899f4a2d55c6aacdf0bdc3d
Size

176KB
Sample

221203-yl9raaaf46
MD5

f96014c23c2b6944c757e14d7464d5e4
SHA1

e80bdf76b980fea0bc3d67a886c809c3d304e281
SHA256

10472c849dd3611abc4345280aa1be9a39ed4a1ec899f4a2d55c6aacdf0bdc3d
SHA512

ee9f3b862e479825bfd2ece813538450699597622710cdada5e5d5327a0cdf74907cd13e31290be226d0b1c7a26a899f2be99329fc12375a81a218fbc0a576d0
SSDEEP

3072:DtaGK/fObT/bGiS3LOClnkZQxlrUax81zX1faK0U9C00hKex9nQ3b7a5VpIC+RZW:Dt1K/fObT/bGiELOSnkZQxlrUax8NX1Y

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  10472c849dd3611abc4345280aa1be9a39ed4a1ec899f4a2d55c6aacdf0bdc3d
- Size
  
  176KB
- MD5
  
  f96014c23c2b6944c757e14d7464d5e4
- SHA1
  
  e80bdf76b980fea0bc3d67a886c809c3d304e281
- SHA256
  
  10472c849dd3611abc4345280aa1be9a39ed4a1ec899f4a2d55c6aacdf0bdc3d
- SHA512
  
  ee9f3b862e479825bfd2ece813538450699597622710cdada5e5d5327a0cdf74907cd13e31290be226d0b1c7a26a899f2be99329fc12375a81a218fbc0a576d0
- SSDEEP
  
  3072:DtaGK/fObT/bGiS3LOClnkZQxlrUax81zX1faK0U9C00hKex9nQ3b7a5VpIC+RZW:Dt1K/fObT/bGiELOSnkZQxlrUax8NX1Y
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence