aa4968b5d043cd5cc074faa66ba717d75df8e9708de1591ecf2dd617600732e2 | Triage

Sharing

General

Target

aa4968b5d043cd5cc074faa66ba717d75df8e9708de1591ecf2dd617600732e2
Size

164KB
Sample

221205-l9dbrsdg3w
MD5

432cf3a230d204b61393dd670f9747bf
SHA1

11e1d3978e2fe41d6cb51857f79043b6ef01838b
SHA256

aa4968b5d043cd5cc074faa66ba717d75df8e9708de1591ecf2dd617600732e2
SHA512

183adebb2675fb5dbfec15412e2a73d625218f22b31318a722970e85cef05b607b094a3d026eb083d9b8df8aa7318455905597d89aceed8d3989a8ec5c522a52
SSDEEP

3072:77Vz57EbV93WZy844f6G06r7bkcsN2bnldN:77cbOQof6Gn7bkjKld

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  aa4968b5d043cd5cc074faa66ba717d75df8e9708de1591ecf2dd617600732e2
- Size
  
  164KB
- MD5
  
  432cf3a230d204b61393dd670f9747bf
- SHA1
  
  11e1d3978e2fe41d6cb51857f79043b6ef01838b
- SHA256
  
  aa4968b5d043cd5cc074faa66ba717d75df8e9708de1591ecf2dd617600732e2
- SHA512
  
  183adebb2675fb5dbfec15412e2a73d625218f22b31318a722970e85cef05b607b094a3d026eb083d9b8df8aa7318455905597d89aceed8d3989a8ec5c522a52
- SSDEEP
  
  3072:77Vz57EbV93WZy844f6G06r7bkcsN2bnldN:77cbOQof6Gn7bkjKld
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence