bbba4a44fbfb9087c0bb987f96ffa1ae89103b23163976ab729ff5736c9d4e40 | Triage

Sharing

General

Target

bbba4a44fbfb9087c0bb987f96ffa1ae89103b23163976ab729ff5736c9d4e40
Size

276KB
Sample

221205-3t7zwacc5v
MD5

74d2a708fc425847e54376f4f2adc6bd
SHA1

a84d3709e962997b5460f8322b393af1772e5755
SHA256

bbba4a44fbfb9087c0bb987f96ffa1ae89103b23163976ab729ff5736c9d4e40
SHA512

a11207e3a46bd7814b7f5e52cab0f3575a27a7306b5dcb76c6edead792931385e89544702c38e55e17f061d8f6be6585d3faf3e3ca418558f7b48dec068191a4
SSDEEP

3072:FdZJa8ix7vUPbzaqBAyQsSNTlMKmmo4xTbWI+QV7Ir//5F5MUUAeBuUBcest:va5x2tAy+JlbxbWIsr/B7MVdFceO

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  bbba4a44fbfb9087c0bb987f96ffa1ae89103b23163976ab729ff5736c9d4e40
- Size
  
  276KB
- MD5
  
  74d2a708fc425847e54376f4f2adc6bd
- SHA1
  
  a84d3709e962997b5460f8322b393af1772e5755
- SHA256
  
  bbba4a44fbfb9087c0bb987f96ffa1ae89103b23163976ab729ff5736c9d4e40
- SHA512
  
  a11207e3a46bd7814b7f5e52cab0f3575a27a7306b5dcb76c6edead792931385e89544702c38e55e17f061d8f6be6585d3faf3e3ca418558f7b48dec068191a4
- SSDEEP
  
  3072:FdZJa8ix7vUPbzaqBAyQsSNTlMKmmo4xTbWI+QV7Ir//5F5MUUAeBuUBcest:va5x2tAy+JlbxbWIsr/B7MVdFceO
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence