a62220878bbdaee488f7c16c17e7dc6d82c15215551cf352ee016101d30c7bbd | Triage

Sharing

General

Target

a62220878bbdaee488f7c16c17e7dc6d82c15215551cf352ee016101d30c7bbd
Size

296KB
Sample

221204-h85svace2w
MD5

083a6c9b94c7b888b46b2d79aa1448f0
SHA1

5dd789c7e4d75aa4005a1bea4a5e7ebe938b5677
SHA256

a62220878bbdaee488f7c16c17e7dc6d82c15215551cf352ee016101d30c7bbd
SHA512

a62856fe19139f4b665e3a6eb8833f23ee79c8a67fcfd620b1c21f3087017037f708b2ce8710d6694c5ed68002270854afc419f500b92e1b785cc2531d3fe7f5
SSDEEP

6144:b2aFRhcJcCC2lfKgO32mO1IdifegrSQOJMmSnxtAPUWJj9/P/oEAlu9UY6LW+6:bRCTCqmjZHJFnPnp6l2Uy+6

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a62220878bbdaee488f7c16c17e7dc6d82c15215551cf352ee016101d30c7bbd
- Size
  
  296KB
- MD5
  
  083a6c9b94c7b888b46b2d79aa1448f0
- SHA1
  
  5dd789c7e4d75aa4005a1bea4a5e7ebe938b5677
- SHA256
  
  a62220878bbdaee488f7c16c17e7dc6d82c15215551cf352ee016101d30c7bbd
- SHA512
  
  a62856fe19139f4b665e3a6eb8833f23ee79c8a67fcfd620b1c21f3087017037f708b2ce8710d6694c5ed68002270854afc419f500b92e1b785cc2531d3fe7f5
- SSDEEP
  
  6144:b2aFRhcJcCC2lfKgO32mO1IdifegrSQOJMmSnxtAPUWJj9/P/oEAlu9UY6LW+6:bRCTCqmjZHJFnPnp6l2Uy+6
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence