aba4c2389daf23e7f27cd3ec1a54bceafb06abacb444cd48f278598e0147979b | Triage

Sharing

General

Target

aba4c2389daf23e7f27cd3ec1a54bceafb06abacb444cd48f278598e0147979b
Size

96KB
Sample

221205-lj6wdsbd8w
MD5

63bd0c55b3bd629bee2479313fa03349
SHA1

1c4a51e7b05ec342b35e1b7d47395185e9810f6c
SHA256

aba4c2389daf23e7f27cd3ec1a54bceafb06abacb444cd48f278598e0147979b
SHA512

a2d736ac480e68801c95b4e7a2c25a3825731213e82ac8eec19e9036af8975a47c073649e6737b5bb57193910e9577bb5fbd598e55b7684da204f11dfeaabd93
SSDEEP

1536:8QhBHdf6cOah81MOkGulSc16l6u+NMMl/KlYv1T4hThFzNIjP:nPhMMblu88FFzCP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  aba4c2389daf23e7f27cd3ec1a54bceafb06abacb444cd48f278598e0147979b
- Size
  
  96KB
- MD5
  
  63bd0c55b3bd629bee2479313fa03349
- SHA1
  
  1c4a51e7b05ec342b35e1b7d47395185e9810f6c
- SHA256
  
  aba4c2389daf23e7f27cd3ec1a54bceafb06abacb444cd48f278598e0147979b
- SHA512
  
  a2d736ac480e68801c95b4e7a2c25a3825731213e82ac8eec19e9036af8975a47c073649e6737b5bb57193910e9577bb5fbd598e55b7684da204f11dfeaabd93
- SSDEEP
  
  1536:8QhBHdf6cOah81MOkGulSc16l6u+NMMl/KlYv1T4hThFzNIjP:nPhMMblu88FFzCP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence