b892dd6ec3b868e7b625bb5f90cb9f7f0beeb9f4f67a395eea986d852a885bf4 | Triage

Sharing

General

Target

b892dd6ec3b868e7b625bb5f90cb9f7f0beeb9f4f67a395eea986d852a885bf4
Size

128KB
Sample

221203-ylyn1saf25
MD5

d5478c8da220ebe1784bdb8c289e1dd4
SHA1

e9b9cfd5e5684567733129fddd35e62af5caa1f6
SHA256

b892dd6ec3b868e7b625bb5f90cb9f7f0beeb9f4f67a395eea986d852a885bf4
SHA512

f33c40237b5df882a1b6e01f696c4fd054b889acc347800155d39d8f752864cd6b0cd733a832a1c088a602fca358aeac557c0aa50075939e8a33ea707382ac85
SSDEEP

1536:wuGs/90+l3R4amUwucNKI4PXaLhR8eHnuXcFBnbStr6O+o/dJNZWW7fob:wlUxPXER8eOkBWoiTgW7G

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b892dd6ec3b868e7b625bb5f90cb9f7f0beeb9f4f67a395eea986d852a885bf4
- Size
  
  128KB
- MD5
  
  d5478c8da220ebe1784bdb8c289e1dd4
- SHA1
  
  e9b9cfd5e5684567733129fddd35e62af5caa1f6
- SHA256
  
  b892dd6ec3b868e7b625bb5f90cb9f7f0beeb9f4f67a395eea986d852a885bf4
- SHA512
  
  f33c40237b5df882a1b6e01f696c4fd054b889acc347800155d39d8f752864cd6b0cd733a832a1c088a602fca358aeac557c0aa50075939e8a33ea707382ac85
- SSDEEP
  
  1536:wuGs/90+l3R4amUwucNKI4PXaLhR8eHnuXcFBnbStr6O+o/dJNZWW7fob:wlUxPXER8eOkBWoiTgW7G
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence