bed1dfc99eed92591f212b02e6d51d04f806d912690d4f7ac74f9f2c96027dae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bed1dfc99eed92591f212b02e6d51d04f806d912690d4f7ac74f9f2c96027dae
Size

204KB
Sample

221205-2r4zrshb51
MD5

fc40c35bbc7c9f6935fbe850831ee6a4
SHA1

580f6f8c1ba5bf8ec4c25b420a66758f50fccf66
SHA256

bed1dfc99eed92591f212b02e6d51d04f806d912690d4f7ac74f9f2c96027dae
SHA512

938e68faafa8c9a6fc6bfb1d923356f3a99394f561d9b109fdd2e822608f77651d87d23f4e61bd1d1fc191f30f1b14eece1feb6c2e712b9698a8875e8360afa7
SSDEEP

1536:jo+OokHo1vzxHwxAexNy3tQ9CW5EZWHakMwP9W6uXNh9h1AWa11GBPIdRONd+w6J:8Ho1y0tQ9nLHbB9WTk9+JgqmlZFn

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  bed1dfc99eed92591f212b02e6d51d04f806d912690d4f7ac74f9f2c96027dae
- Size
  
  204KB
- MD5
  
  fc40c35bbc7c9f6935fbe850831ee6a4
- SHA1
  
  580f6f8c1ba5bf8ec4c25b420a66758f50fccf66
- SHA256
  
  bed1dfc99eed92591f212b02e6d51d04f806d912690d4f7ac74f9f2c96027dae
- SHA512
  
  938e68faafa8c9a6fc6bfb1d923356f3a99394f561d9b109fdd2e822608f77651d87d23f4e61bd1d1fc191f30f1b14eece1feb6c2e712b9698a8875e8360afa7
- SSDEEP
  
  1536:jo+OokHo1vzxHwxAexNy3tQ9CW5EZWHakMwP9W6uXNh9h1AWa11GBPIdRONd+w6J:8Ho1y0tQ9nLHbB9WTk9+JgqmlZFn
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence