beff1f3e49a1cad80b9048b6050a33cc23aff342dee348030b636388c5da1115 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

beff1f3e49a1cad80b9048b6050a33cc23aff342dee348030b636388c5da1115
Size

208KB
Sample

221205-ld3a1sah6s
MD5

a4f775cb92d08bc2e6a66ac52aca8ea0
SHA1

2407e904fdc9acf6121462830ad95734fbd6b556
SHA256

beff1f3e49a1cad80b9048b6050a33cc23aff342dee348030b636388c5da1115
SHA512

30b70a8aaac420a754f7f47912b48675957bd111dd4cf09ab8cb661fd4eead2adbc1beb3e30507f29f2f7e32456481b2a8030e4546ea766b7a70d50ee851d6f4
SSDEEP

3072:128p0ZyAFYgGFWKMNVCUEIfcsELmLXMt/79ffQbEk:tAKWKMNVCicsESMBqf

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  beff1f3e49a1cad80b9048b6050a33cc23aff342dee348030b636388c5da1115
- Size
  
  208KB
- MD5
  
  a4f775cb92d08bc2e6a66ac52aca8ea0
- SHA1
  
  2407e904fdc9acf6121462830ad95734fbd6b556
- SHA256
  
  beff1f3e49a1cad80b9048b6050a33cc23aff342dee348030b636388c5da1115
- SHA512
  
  30b70a8aaac420a754f7f47912b48675957bd111dd4cf09ab8cb661fd4eead2adbc1beb3e30507f29f2f7e32456481b2a8030e4546ea766b7a70d50ee851d6f4
- SSDEEP
  
  3072:128p0ZyAFYgGFWKMNVCUEIfcsELmLXMt/79ffQbEk:tAKWKMNVCicsESMBqf
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence