a4542723ccb522c067ed75ce31be44f04ee88ae492bad4f14e90caf14d2f8227 | Triage

Sharing

General

Target

a4542723ccb522c067ed75ce31be44f04ee88ae492bad4f14e90caf14d2f8227
Size

200KB
Sample

221204-khdyjsgb9z
MD5

cd7e801ec68818d4a7ca8182cf0ea8bd
SHA1

be6d1329b6d6aab25877a5688356222ece2c62ae
SHA256

a4542723ccb522c067ed75ce31be44f04ee88ae492bad4f14e90caf14d2f8227
SHA512

7da8363efb0a280312a6e5bef7262708fa97b06d737293e2ba822f1b93e7215849bff7da8cc71e6abe8faed7f96dd534d504097609cd415f56c031dc83f329cd
SSDEEP

1536:CUDoSiphHeXduZAEVFZFe6AlKvfQ5sUQAMEY0/fMktOe:AneFEFte

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a4542723ccb522c067ed75ce31be44f04ee88ae492bad4f14e90caf14d2f8227
- Size
  
  200KB
- MD5
  
  cd7e801ec68818d4a7ca8182cf0ea8bd
- SHA1
  
  be6d1329b6d6aab25877a5688356222ece2c62ae
- SHA256
  
  a4542723ccb522c067ed75ce31be44f04ee88ae492bad4f14e90caf14d2f8227
- SHA512
  
  7da8363efb0a280312a6e5bef7262708fa97b06d737293e2ba822f1b93e7215849bff7da8cc71e6abe8faed7f96dd534d504097609cd415f56c031dc83f329cd
- SSDEEP
  
  1536:CUDoSiphHeXduZAEVFZFe6AlKvfQ5sUQAMEY0/fMktOe:AneFEFte
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence