be4c09dc71298f775a3da482b0e6f039b6a74c7508551efddb81598dfddfc495 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be4c09dc71298f775a3da482b0e6f039b6a74c7508551efddb81598dfddfc495
Size

56KB
Sample

221205-l68cqsde51
MD5

ba8731220519d6c46cdc06ac61dbf233
SHA1

a798a6f2725a46ae984fa02bc9adaecff0a62f74
SHA256

be4c09dc71298f775a3da482b0e6f039b6a74c7508551efddb81598dfddfc495
SHA512

d1f357c570b1345c1159a7236bef5f1c8ee4ebefb9089575d7be22b5d8f4a59169f74778bd035f9a96c6d18a7211134ce9f4c45d3f815212393c1f30ceacb325
SSDEEP

768:OoHpPYpsZvJC+vvTf0mq/6/Q/9NF0+LEc8af3ts0E9d:O1psV3Zq2oS+Ljb3ts0E9d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  be4c09dc71298f775a3da482b0e6f039b6a74c7508551efddb81598dfddfc495
- Size
  
  56KB
- MD5
  
  ba8731220519d6c46cdc06ac61dbf233
- SHA1
  
  a798a6f2725a46ae984fa02bc9adaecff0a62f74
- SHA256
  
  be4c09dc71298f775a3da482b0e6f039b6a74c7508551efddb81598dfddfc495
- SHA512
  
  d1f357c570b1345c1159a7236bef5f1c8ee4ebefb9089575d7be22b5d8f4a59169f74778bd035f9a96c6d18a7211134ce9f4c45d3f815212393c1f30ceacb325
- SSDEEP
  
  768:OoHpPYpsZvJC+vvTf0mq/6/Q/9NF0+LEc8af3ts0E9d:O1psV3Zq2oS+Ljb3ts0E9d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence