8c03feb54c731167de10fc188aa7a5440f63f7e76e151401d63d22d325bb467c | Triage

Sharing

General

Target

8c03feb54c731167de10fc188aa7a5440f63f7e76e151401d63d22d325bb467c
Size

156KB
Sample

221205-l4xs8ahe45
MD5

b120bfbd1205850a98d7462253d5d48c
SHA1

a0cff35e20f35d48e91a1a0af6ab6f17083b608c
SHA256

8c03feb54c731167de10fc188aa7a5440f63f7e76e151401d63d22d325bb467c
SHA512

865b652842066e528e406f4b3581bf3e7e1b469e2259c25d97207a3d39666e4939adab7bf4dfa92bcf987ec6492f88f77eb868762eabf12dc0213f8ce58b308e
SSDEEP

1536:Avan4ngzp0B8ILwNuRe305Xrud5N9jRMmBUKH7zD87/u+JcBqVbv1BsbhbEle+Rl:xogeaufubFKVXcBqB1BnXsjPI

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8c03feb54c731167de10fc188aa7a5440f63f7e76e151401d63d22d325bb467c
- Size
  
  156KB
- MD5
  
  b120bfbd1205850a98d7462253d5d48c
- SHA1
  
  a0cff35e20f35d48e91a1a0af6ab6f17083b608c
- SHA256
  
  8c03feb54c731167de10fc188aa7a5440f63f7e76e151401d63d22d325bb467c
- SHA512
  
  865b652842066e528e406f4b3581bf3e7e1b469e2259c25d97207a3d39666e4939adab7bf4dfa92bcf987ec6492f88f77eb868762eabf12dc0213f8ce58b308e
- SSDEEP
  
  1536:Avan4ngzp0B8ILwNuRe305Xrud5N9jRMmBUKH7zD87/u+JcBqVbv1BsbhbEle+Rl:xogeaufubFKVXcBqB1BnXsjPI
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence