c67dc1e457c89afa98692f418e9fd57cae5ba5cd27c5c85df184e217c26690a3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c67dc1e457c89afa98692f418e9fd57cae5ba5cd27c5c85df184e217c26690a3
Size

116KB
Sample

221205-3t4x8ahd99
MD5

69b955895ef43811647beff27d0dc0c0
SHA1

830028043f216a5ddbc6cf8f141515c705e44075
SHA256

c67dc1e457c89afa98692f418e9fd57cae5ba5cd27c5c85df184e217c26690a3
SHA512

cc06108d0f7066220d9a125006c3f8d78f153c2ed14c145b4e35c53ca9886f2b799644bf11a156094891387e1e2dc81b98acee2d48151fdc3600b3f6c6a45116
SSDEEP

1536:l4Q8p8DBeZUBFTgVjtXZTto1e9uCLBCPr8/NL44PerV5I8kIi/2O:qbpOeZU7TgdTq1ZrJO

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c67dc1e457c89afa98692f418e9fd57cae5ba5cd27c5c85df184e217c26690a3
- Size
  
  116KB
- MD5
  
  69b955895ef43811647beff27d0dc0c0
- SHA1
  
  830028043f216a5ddbc6cf8f141515c705e44075
- SHA256
  
  c67dc1e457c89afa98692f418e9fd57cae5ba5cd27c5c85df184e217c26690a3
- SHA512
  
  cc06108d0f7066220d9a125006c3f8d78f153c2ed14c145b4e35c53ca9886f2b799644bf11a156094891387e1e2dc81b98acee2d48151fdc3600b3f6c6a45116
- SSDEEP
  
  1536:l4Q8p8DBeZUBFTgVjtXZTto1e9uCLBCPr8/NL44PerV5I8kIi/2O:qbpOeZU7TgdTq1ZrJO
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence