a89c20a0cca28c0fb9eff4ab944e271ffb8d3f4d51a9757d61485dd7b665e7f3 | Triage

Sharing

General

Target

a89c20a0cca28c0fb9eff4ab944e271ffb8d3f4d51a9757d61485dd7b665e7f3
Size

196KB
Sample

221205-lkz48sbe4w
MD5

3f8d005078b1cd94f323ae79443f9f05
SHA1

a75013ce49c8c1f31ff458865bc519aa5c18d6d1
SHA256

a89c20a0cca28c0fb9eff4ab944e271ffb8d3f4d51a9757d61485dd7b665e7f3
SHA512

043484638818f59f8ae9ef9dbade92b99176eeab824ae23efdc737b70bc5cdfc16bc59ee52e9affe9e1e0de8b35b501f232cbcc686e74038086e569a32d7b19f
SSDEEP

3072:XKGVnPybzV8Q3io0ce4LTI208YioBK9QRO8qeXQ:XlVnPybzV8Oio0ctLTt08doLRO8qeg

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a89c20a0cca28c0fb9eff4ab944e271ffb8d3f4d51a9757d61485dd7b665e7f3
- Size
  
  196KB
- MD5
  
  3f8d005078b1cd94f323ae79443f9f05
- SHA1
  
  a75013ce49c8c1f31ff458865bc519aa5c18d6d1
- SHA256
  
  a89c20a0cca28c0fb9eff4ab944e271ffb8d3f4d51a9757d61485dd7b665e7f3
- SHA512
  
  043484638818f59f8ae9ef9dbade92b99176eeab824ae23efdc737b70bc5cdfc16bc59ee52e9affe9e1e0de8b35b501f232cbcc686e74038086e569a32d7b19f
- SSDEEP
  
  3072:XKGVnPybzV8Q3io0ce4LTI208YioBK9QRO8qeXQ:XlVnPybzV8Oio0ctLTt08doLRO8qeg
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence