951524974b444c30339a8dc1d319c8aa40531d87a16f67bade0d0e003138d640 | Triage

Sharing

General

Target

951524974b444c30339a8dc1d319c8aa40531d87a16f67bade0d0e003138d640
Size

152KB
Sample

221203-yvdp7sbc87
MD5

0c4a8d57be537870d2eef09a64d606e0
SHA1

995b88eb510a078e246ec97c4114e0c83b736fb2
SHA256

951524974b444c30339a8dc1d319c8aa40531d87a16f67bade0d0e003138d640
SHA512

27d386965ce9c865630979ad217fbdb1113520fd2b815307427e649d2f84cd10d180737fa04503d6d2fda8c6f9b9c8aef11a284c0cfdae3b98bc5533dc3d928f
SSDEEP

3072:zMly5apYFWWYUczAveWBODJDuviDO2lL4oQZiENe:MCapYFDYe2gQxuvia2llW6

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  951524974b444c30339a8dc1d319c8aa40531d87a16f67bade0d0e003138d640
- Size
  
  152KB
- MD5
  
  0c4a8d57be537870d2eef09a64d606e0
- SHA1
  
  995b88eb510a078e246ec97c4114e0c83b736fb2
- SHA256
  
  951524974b444c30339a8dc1d319c8aa40531d87a16f67bade0d0e003138d640
- SHA512
  
  27d386965ce9c865630979ad217fbdb1113520fd2b815307427e649d2f84cd10d180737fa04503d6d2fda8c6f9b9c8aef11a284c0cfdae3b98bc5533dc3d928f
- SSDEEP
  
  3072:zMly5apYFWWYUczAveWBODJDuviDO2lL4oQZiENe:MCapYFDYe2gQxuvia2llW6
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence