96c8d7e4a4763a3973e2bad1fb4252d399e0652b53e61d62066b25d5990601ff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96c8d7e4a4763a3973e2bad1fb4252d399e0652b53e61d62066b25d5990601ff
Size

248KB
Sample

221205-298exaaf8v
MD5

2c5a6d9893bbc4ff945ee68ef39b05d4
SHA1

cb8585849b5a4e868e214b22ea9ce83518f3fa9a
SHA256

96c8d7e4a4763a3973e2bad1fb4252d399e0652b53e61d62066b25d5990601ff
SHA512

052a86d2c77c753fd89510ef9ef30e0feee6ea44eefde89a7299f74b87136f30b04e275ec19a5589b5b5d565696dbb20958da89652cff5e602795aadfb7b3bc8
SSDEEP

6144:T+UVQ+pyyUf9dgAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39RWU:T+9yUf9DRKlqgErIsKnPmb7/jWa1e+5T

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  96c8d7e4a4763a3973e2bad1fb4252d399e0652b53e61d62066b25d5990601ff
- Size
  
  248KB
- MD5
  
  2c5a6d9893bbc4ff945ee68ef39b05d4
- SHA1
  
  cb8585849b5a4e868e214b22ea9ce83518f3fa9a
- SHA256
  
  96c8d7e4a4763a3973e2bad1fb4252d399e0652b53e61d62066b25d5990601ff
- SHA512
  
  052a86d2c77c753fd89510ef9ef30e0feee6ea44eefde89a7299f74b87136f30b04e275ec19a5589b5b5d565696dbb20958da89652cff5e602795aadfb7b3bc8
- SSDEEP
  
  6144:T+UVQ+pyyUf9dgAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39RWU:T+9yUf9DRKlqgErIsKnPmb7/jWa1e+5T
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence