fdc4a3630207439259b1e1219811e640308f7e740fbeea3a5797ad9ecd051138 | Triage

Sharing

General

Target

fdc4a3630207439259b1e1219811e640308f7e740fbeea3a5797ad9ecd051138
Size

240KB
Sample

221205-3d56cagc82
MD5

92e4aa7a5c0d2ea3c726fb72f9233951
SHA1

3d5d0078d2dca76e3946f4297b4ce72cb78c2cfc
SHA256

fdc4a3630207439259b1e1219811e640308f7e740fbeea3a5797ad9ecd051138
SHA512

09dee9b31f0bf8ebfe5e0c1439c415bd55f27261cb296e70d7abc9b58a50e86df980621a99f5c05c41eccc601343bdd907f42209113c4e54cb942a2e849685c6
SSDEEP

3072:j6JnpFF+YupJ904AX+ipuvnHMC6Fz2Pa9VZumXYdVL63fZi8KGccmgoyyb:UpFFk/at6PMFKa9VUuYdVL63fZN7q

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fdc4a3630207439259b1e1219811e640308f7e740fbeea3a5797ad9ecd051138
- Size
  
  240KB
- MD5
  
  92e4aa7a5c0d2ea3c726fb72f9233951
- SHA1
  
  3d5d0078d2dca76e3946f4297b4ce72cb78c2cfc
- SHA256
  
  fdc4a3630207439259b1e1219811e640308f7e740fbeea3a5797ad9ecd051138
- SHA512
  
  09dee9b31f0bf8ebfe5e0c1439c415bd55f27261cb296e70d7abc9b58a50e86df980621a99f5c05c41eccc601343bdd907f42209113c4e54cb942a2e849685c6
- SSDEEP
  
  3072:j6JnpFF+YupJ904AX+ipuvnHMC6Fz2Pa9VZumXYdVL63fZi8KGccmgoyyb:UpFFk/at6PMFKa9VUuYdVL63fZN7q
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence