b4bc16f8caee058fc6bf74aeb2cc94e12a3398970f8962760db6d01e59920749 | Triage

Sharing

General

Target

b4bc16f8caee058fc6bf74aeb2cc94e12a3398970f8962760db6d01e59920749
Size

268KB
Sample

221205-3hd8esbd3s
MD5

19bf263d2532d221512d5eaf670dea30
SHA1

a5e15cea73b651cbc84efcf1200c0853e9e8072b
SHA256

b4bc16f8caee058fc6bf74aeb2cc94e12a3398970f8962760db6d01e59920749
SHA512

9f1b3e953b4cb054a6bd716f0e7c5bc9d1981bcdbab36d5b65315f25aebf0ee99d94ef6ec06479b501b9d8422f502e676e106d3ebac8e1c5deb20bb1a7884836
SSDEEP

3072:7sSQrIh3ZDY1zuBvLen8DlZniqBXv7yOsWvgbsmIHX0WRIh:7CMpW1qFy8xZnisyOs2tHEWRe

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b4bc16f8caee058fc6bf74aeb2cc94e12a3398970f8962760db6d01e59920749
- Size
  
  268KB
- MD5
  
  19bf263d2532d221512d5eaf670dea30
- SHA1
  
  a5e15cea73b651cbc84efcf1200c0853e9e8072b
- SHA256
  
  b4bc16f8caee058fc6bf74aeb2cc94e12a3398970f8962760db6d01e59920749
- SHA512
  
  9f1b3e953b4cb054a6bd716f0e7c5bc9d1981bcdbab36d5b65315f25aebf0ee99d94ef6ec06479b501b9d8422f502e676e106d3ebac8e1c5deb20bb1a7884836
- SSDEEP
  
  3072:7sSQrIh3ZDY1zuBvLen8DlZniqBXv7yOsWvgbsmIHX0WRIh:7CMpW1qFy8xZnisyOs2tHEWRe
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence