c2cbfb32ebda53119d6de783feea7fd204ed195a820c6309a258a25ee2182b53 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c2cbfb32ebda53119d6de783feea7fd204ed195a820c6309a258a25ee2182b53
Size

132KB
Sample

221205-2rfxyaec82
MD5

7962e83b4fb2177551833895272cab62
SHA1

55e210aed54a6890eddc3f3cbfa7600cffc24372
SHA256

c2cbfb32ebda53119d6de783feea7fd204ed195a820c6309a258a25ee2182b53
SHA512

1275ac7aa3f70e50c64dbe5ca8a5eb62692084622f2216a9922caf82821dc2a32763a6fde3d87288e58c29b128b2d9fb010785685387cabd249a55c53e5e3e95
SSDEEP

1536:ULdz3uZ9UIIKZrDJZ3JuIuRWIelOQ212I/6jDSUaWpEEHCjP4YTyrhQHy4ktE/:A6ZZ8IuRrjWmEiyrhayE/

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c2cbfb32ebda53119d6de783feea7fd204ed195a820c6309a258a25ee2182b53
- Size
  
  132KB
- MD5
  
  7962e83b4fb2177551833895272cab62
- SHA1
  
  55e210aed54a6890eddc3f3cbfa7600cffc24372
- SHA256
  
  c2cbfb32ebda53119d6de783feea7fd204ed195a820c6309a258a25ee2182b53
- SHA512
  
  1275ac7aa3f70e50c64dbe5ca8a5eb62692084622f2216a9922caf82821dc2a32763a6fde3d87288e58c29b128b2d9fb010785685387cabd249a55c53e5e3e95
- SSDEEP
  
  1536:ULdz3uZ9UIIKZrDJZ3JuIuRWIelOQ212I/6jDSUaWpEEHCjP4YTyrhQHy4ktE/:A6ZZ8IuRrjWmEiyrhayE/
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence