d3a5df89f817111671c4fdf08e4858957b0d101b81b1dde14539fdd77264849c | Triage

Sharing

General

Target

d3a5df89f817111671c4fdf08e4858957b0d101b81b1dde14539fdd77264849c
Size

272KB
Sample

221205-k89g5see59
MD5

ccfcb2b070a9603fe0d138e11c827e6f
SHA1

f7e0fd3e392ffbf15ca02aa848a7a63652173480
SHA256

d3a5df89f817111671c4fdf08e4858957b0d101b81b1dde14539fdd77264849c
SHA512

e5dcbd44e67ea9baf0c9871a6567837a256f6ffde324ea4c20cd2cbbdd910c0cdd765e11e3738c787847dc67715c6660862e2aa86b23236631c634949a51c372
SSDEEP

6144:P3amlQxchRdjLmtrBuMrdekUH63u+X5sc57W:CTxGLTuPL5

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d3a5df89f817111671c4fdf08e4858957b0d101b81b1dde14539fdd77264849c
- Size
  
  272KB
- MD5
  
  ccfcb2b070a9603fe0d138e11c827e6f
- SHA1
  
  f7e0fd3e392ffbf15ca02aa848a7a63652173480
- SHA256
  
  d3a5df89f817111671c4fdf08e4858957b0d101b81b1dde14539fdd77264849c
- SHA512
  
  e5dcbd44e67ea9baf0c9871a6567837a256f6ffde324ea4c20cd2cbbdd910c0cdd765e11e3738c787847dc67715c6660862e2aa86b23236631c634949a51c372
- SSDEEP
  
  6144:P3amlQxchRdjLmtrBuMrdekUH63u+X5sc57W:CTxGLTuPL5
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence