0f85984254be4c9a63d196eec379c6ffa64499c407fdd3978f931d9fbe0930d0 | Triage

Sharing

General

Target

0f85984254be4c9a63d196eec379c6ffa64499c407fdd3978f931d9fbe0930d0
Size

304KB
Sample

221204-nq4eysed64
MD5

f95cf9af8fd14f79a920bccc19d696ba
SHA1

8d9634d7b6e93e0dd0767d6523d8aa4ee2def74c
SHA256

0f85984254be4c9a63d196eec379c6ffa64499c407fdd3978f931d9fbe0930d0
SHA512

668d6983e202108576a7d45be8ac0be7f390bf7289ba01f46d2b7412c27a66acfe0e3e4dd83cf7a702e52d7c6acc3b78cd2e423f7877435c145a010d1dad71fd
SSDEEP

3072:iRf1i2Dwhe6YIRnbXtcU75FzKqc+HTi1op2aEaDFHT+7pvPxvQTo:tx9oYixla8xN

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0f85984254be4c9a63d196eec379c6ffa64499c407fdd3978f931d9fbe0930d0
- Size
  
  304KB
- MD5
  
  f95cf9af8fd14f79a920bccc19d696ba
- SHA1
  
  8d9634d7b6e93e0dd0767d6523d8aa4ee2def74c
- SHA256
  
  0f85984254be4c9a63d196eec379c6ffa64499c407fdd3978f931d9fbe0930d0
- SHA512
  
  668d6983e202108576a7d45be8ac0be7f390bf7289ba01f46d2b7412c27a66acfe0e3e4dd83cf7a702e52d7c6acc3b78cd2e423f7877435c145a010d1dad71fd
- SSDEEP
  
  3072:iRf1i2Dwhe6YIRnbXtcU75FzKqc+HTi1op2aEaDFHT+7pvPxvQTo:tx9oYixla8xN
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence