ca3f8666e815401f1d875d9ea6f1c28180c9f0839099e4fe91fffaec499ec20a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca3f8666e815401f1d875d9ea6f1c28180c9f0839099e4fe91fffaec499ec20a
Size

312KB
Sample

221205-15bdyafb6z
MD5

32ac31c8218cec4c1db9c77af31503f0
SHA1

7761b9575b95ad877a760dc605872aa81aa1ed4e
SHA256

ca3f8666e815401f1d875d9ea6f1c28180c9f0839099e4fe91fffaec499ec20a
SHA512

6b78c634243ac14e1fb22fb93640d609d39d15c4ebfdcd28a80b83c66b22fb4ee3bb49a2b5f0b441a093a0c5d0ce67a3ce1757bf584db75cc5611dc1d46630c7
SSDEEP

3072:yxKsZo9oYmfWxJYwExxusHwadMX0sQ84O1s4NV9O7PBEtFjjUcsFP84K6yR:EKEfWxJYw4xusHwsY0sQeX9ODWuPxny

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ca3f8666e815401f1d875d9ea6f1c28180c9f0839099e4fe91fffaec499ec20a
- Size
  
  312KB
- MD5
  
  32ac31c8218cec4c1db9c77af31503f0
- SHA1
  
  7761b9575b95ad877a760dc605872aa81aa1ed4e
- SHA256
  
  ca3f8666e815401f1d875d9ea6f1c28180c9f0839099e4fe91fffaec499ec20a
- SHA512
  
  6b78c634243ac14e1fb22fb93640d609d39d15c4ebfdcd28a80b83c66b22fb4ee3bb49a2b5f0b441a093a0c5d0ce67a3ce1757bf584db75cc5611dc1d46630c7
- SSDEEP
  
  3072:yxKsZo9oYmfWxJYwExxusHwadMX0sQ84O1s4NV9O7PBEtFjjUcsFP84K6yR:EKEfWxJYw4xusHwsY0sQeX9ODWuPxny
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence