9a3df3f3e210f7bebad49d5cc61477cf46769074ea7331fcc284349bd4dc390c | Triage

Sharing

General

Target

9a3df3f3e210f7bebad49d5cc61477cf46769074ea7331fcc284349bd4dc390c
Size

148KB
Sample

221205-3exklabb5x
MD5

6e2a1d4203943741151fdd8283123672
SHA1

a95402e7b91df610de12b7b7ab10e8701d3b2c6c
SHA256

9a3df3f3e210f7bebad49d5cc61477cf46769074ea7331fcc284349bd4dc390c
SHA512

0c4ec476af5d0c4c7ca8f4a9d234c97481e1e71f4cf1b8cb134c8994ff43e374dad50213b9c0ae5a61262f83feb3f6468d2346bb70289f3968be35d513703aab
SSDEEP

3072:eQSD+WuMBspr8+k77/pswWR/x0+dv4TLxyK4SeE5j4oQFt:3SSWuMBsFvS04+dv4TVddS

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9a3df3f3e210f7bebad49d5cc61477cf46769074ea7331fcc284349bd4dc390c
- Size
  
  148KB
- MD5
  
  6e2a1d4203943741151fdd8283123672
- SHA1
  
  a95402e7b91df610de12b7b7ab10e8701d3b2c6c
- SHA256
  
  9a3df3f3e210f7bebad49d5cc61477cf46769074ea7331fcc284349bd4dc390c
- SHA512
  
  0c4ec476af5d0c4c7ca8f4a9d234c97481e1e71f4cf1b8cb134c8994ff43e374dad50213b9c0ae5a61262f83feb3f6468d2346bb70289f3968be35d513703aab
- SSDEEP
  
  3072:eQSD+WuMBspr8+k77/pswWR/x0+dv4TLxyK4SeE5j4oQFt:3SSWuMBsFvS04+dv4TVddS
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence