dfa7a40901c451b21dc05db5453e57101c18bc7ac1719bf90822a1bb111fdbe1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dfa7a40901c451b21dc05db5453e57101c18bc7ac1719bf90822a1bb111fdbe1
Size

96KB
Sample

221205-l525bsdd6v
MD5

cec6d0d0b73054d3921a3f6de2aff14e
SHA1

1d384bef489728fc40a472443b8a114a651514fa
SHA256

dfa7a40901c451b21dc05db5453e57101c18bc7ac1719bf90822a1bb111fdbe1
SHA512

eb1afb6fd2fa246b1639e532c2249a554f43bda46753e9c2fd7971ca4d8e15819248d5372402184942d9aad3e4e7c50e699fc8de5c2e739d872e8cec21b9f9b9
SSDEEP

1536:PVBEg52a9tyVQO8P8ych0Z/wjj3RJNEo/knRzdnynE7RldNEP8lijOezNIjnZnZ:PzE/aelychmyzR3Ek65RldqzCnBZ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  dfa7a40901c451b21dc05db5453e57101c18bc7ac1719bf90822a1bb111fdbe1
- Size
  
  96KB
- MD5
  
  cec6d0d0b73054d3921a3f6de2aff14e
- SHA1
  
  1d384bef489728fc40a472443b8a114a651514fa
- SHA256
  
  dfa7a40901c451b21dc05db5453e57101c18bc7ac1719bf90822a1bb111fdbe1
- SHA512
  
  eb1afb6fd2fa246b1639e532c2249a554f43bda46753e9c2fd7971ca4d8e15819248d5372402184942d9aad3e4e7c50e699fc8de5c2e739d872e8cec21b9f9b9
- SSDEEP
  
  1536:PVBEg52a9tyVQO8P8ych0Z/wjj3RJNEo/knRzdnynE7RldNEP8lijOezNIjnZnZ:PzE/aelychmyzR3Ek65RldqzCnBZ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence