cd2cdd02d2634cf5fe4cc4051b72d77998fc550a9642d4b1837350ab9bab82a4 | Triage

Sharing

General

Target

cd2cdd02d2634cf5fe4cc4051b72d77998fc550a9642d4b1837350ab9bab82a4
Size

292KB
Sample

221203-ysn36afa3s
MD5

0aa5f5712a1c060dc222d0c83ac712bb
SHA1

fe57c3b4278334f418262ad562932cd19ae54758
SHA256

cd2cdd02d2634cf5fe4cc4051b72d77998fc550a9642d4b1837350ab9bab82a4
SHA512

58cae1f2acb975a5311be2ab66eaaa2aabd85ee7689f1ca33765b5eec72bf158100f5813bd951f55e041ac2569e8066a1a81c64e92233d18d4715cfa515c52f8
SSDEEP

3072:/ncOz4t9diLbODq7CFLuBpaFBzxk7c7awSZohDnjV2S8NmMx3WarRDS7zsUiztph:/GiLSLuBpszxk7USZoDnp23xmg9LUutb

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  cd2cdd02d2634cf5fe4cc4051b72d77998fc550a9642d4b1837350ab9bab82a4
- Size
  
  292KB
- MD5
  
  0aa5f5712a1c060dc222d0c83ac712bb
- SHA1
  
  fe57c3b4278334f418262ad562932cd19ae54758
- SHA256
  
  cd2cdd02d2634cf5fe4cc4051b72d77998fc550a9642d4b1837350ab9bab82a4
- SHA512
  
  58cae1f2acb975a5311be2ab66eaaa2aabd85ee7689f1ca33765b5eec72bf158100f5813bd951f55e041ac2569e8066a1a81c64e92233d18d4715cfa515c52f8
- SSDEEP
  
  3072:/ncOz4t9diLbODq7CFLuBpaFBzxk7c7awSZohDnjV2S8NmMx3WarRDS7zsUiztph:/GiLSLuBpszxk7USZoDnp23xmg9LUutb
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence