d44b3732af122c54399e448274fc2ac2dc96697c545536e89815fd080f03ad6c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d44b3732af122c54399e448274fc2ac2dc96697c545536e89815fd080f03ad6c
Size

212KB
Sample

221205-2npexaea58
MD5

115aeaee0b2d0a1ea6f6df25c0eec6d4
SHA1

dfde1242b925aa55d84af795645f547ed69eebaa
SHA256

d44b3732af122c54399e448274fc2ac2dc96697c545536e89815fd080f03ad6c
SHA512

9a0f9bd1d5cbbc97b7248da3a1f7735ac4001198e9f177e315f7fae18c9449bc8665155002b4aa38e7ec5452f6905d788e2d51fdae037145fbe7bc55c543b46c
SSDEEP

6144:s83v3XZFwzWQ4fqaNRPocQ1wQaNcDQzD+iD92zUj2pAeKnvmb7/D26NXKmZhrwso:P3hFwQfqaNR1Q1w9kQzD8zUj2pAeKnv3

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d44b3732af122c54399e448274fc2ac2dc96697c545536e89815fd080f03ad6c
- Size
  
  212KB
- MD5
  
  115aeaee0b2d0a1ea6f6df25c0eec6d4
- SHA1
  
  dfde1242b925aa55d84af795645f547ed69eebaa
- SHA256
  
  d44b3732af122c54399e448274fc2ac2dc96697c545536e89815fd080f03ad6c
- SHA512
  
  9a0f9bd1d5cbbc97b7248da3a1f7735ac4001198e9f177e315f7fae18c9449bc8665155002b4aa38e7ec5452f6905d788e2d51fdae037145fbe7bc55c543b46c
- SSDEEP
  
  6144:s83v3XZFwzWQ4fqaNRPocQ1wQaNcDQzD+iD92zUj2pAeKnvmb7/D26NXKmZhrwso:P3hFwQfqaNR1Q1w9kQzD8zUj2pAeKnv3
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence