4bbea2228d5a08b94cf7bd15b09db01411773bf2dcc66498ceec6b04fae37a91 | Triage

Sharing

General

Target

4bbea2228d5a08b94cf7bd15b09db01411773bf2dcc66498ceec6b04fae37a91
Size

312KB
Sample

221204-nm16esea84
MD5

08a72181682f3d202a74f3e8d4447ec5
SHA1

494f338de520e5526ad609d312b38dc5dd072c98
SHA256

4bbea2228d5a08b94cf7bd15b09db01411773bf2dcc66498ceec6b04fae37a91
SHA512

2bafef93756a4f557734be4326aa95ca5888962706476a82d6dae905e55fd4b4a35cfce17d40028faae1a5b417465dc46eb6fcf487d3334d33a6ba3cc4083810
SSDEEP

6144:uebc0f7XP+g3AGJpWVzuoRHeEgRK/fObT/bGiJKv6R7MkZ4lUr8W9HuOGKqvsMMJ:vw27/XvLWpuOeEgRK/fObT/bGiJlMkZp

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4bbea2228d5a08b94cf7bd15b09db01411773bf2dcc66498ceec6b04fae37a91
- Size
  
  312KB
- MD5
  
  08a72181682f3d202a74f3e8d4447ec5
- SHA1
  
  494f338de520e5526ad609d312b38dc5dd072c98
- SHA256
  
  4bbea2228d5a08b94cf7bd15b09db01411773bf2dcc66498ceec6b04fae37a91
- SHA512
  
  2bafef93756a4f557734be4326aa95ca5888962706476a82d6dae905e55fd4b4a35cfce17d40028faae1a5b417465dc46eb6fcf487d3334d33a6ba3cc4083810
- SSDEEP
  
  6144:uebc0f7XP+g3AGJpWVzuoRHeEgRK/fObT/bGiJKv6R7MkZ4lUr8W9HuOGKqvsMMJ:vw27/XvLWpuOeEgRK/fObT/bGiJlMkZp
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence