a259969b6fd48340f98d575e469b96341bfd45f5e97a4777b462f9be04e17be5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a259969b6fd48340f98d575e469b96341bfd45f5e97a4777b462f9be04e17be5
Size

148KB
Sample

221204-a529jsfh5x
MD5

30c17a49907ff35ded0056137256c415
SHA1

8af674e8e074c341b180c4a25472dd26ae1fee7e
SHA256

a259969b6fd48340f98d575e469b96341bfd45f5e97a4777b462f9be04e17be5
SHA512

16489d16f2275d2096a4170d85c56b4f6593df92f5be9a183c49198021901fb41e9ab01b3ed4d70da18ac84fc4a92389b87acc6386920c10cd2223df2315e757
SSDEEP

3072:HsjZBWAJCbL2+LaEdtQqXjuVx3ucPsunjzc5ULc5uszD9dDy6j6:HKZBWAJCbL2+LaEdSVx35P1nnc5ULc5B

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a259969b6fd48340f98d575e469b96341bfd45f5e97a4777b462f9be04e17be5
- Size
  
  148KB
- MD5
  
  30c17a49907ff35ded0056137256c415
- SHA1
  
  8af674e8e074c341b180c4a25472dd26ae1fee7e
- SHA256
  
  a259969b6fd48340f98d575e469b96341bfd45f5e97a4777b462f9be04e17be5
- SHA512
  
  16489d16f2275d2096a4170d85c56b4f6593df92f5be9a183c49198021901fb41e9ab01b3ed4d70da18ac84fc4a92389b87acc6386920c10cd2223df2315e757
- SSDEEP
  
  3072:HsjZBWAJCbL2+LaEdtQqXjuVx3ucPsunjzc5ULc5uszD9dDy6j6:HKZBWAJCbL2+LaEdSVx35P1nnc5ULc5B
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence