97f819d82f3d8c6aae25800d42e5ea8c20f95c1ad91e1fd99fc90a04d3eed380 | Triage

Sharing

General

Target

97f819d82f3d8c6aae25800d42e5ea8c20f95c1ad91e1fd99fc90a04d3eed380
Size

420KB
Sample

221205-lnt3dsbg8x
MD5

1bedc8a136bc6e12640b663abfe57b8c
SHA1

165caa414a7281d154c5348bc7181ef1c47b612f
SHA256

97f819d82f3d8c6aae25800d42e5ea8c20f95c1ad91e1fd99fc90a04d3eed380
SHA512

2274a2ced935c01977ce38fd1e061c190b79cbeec21f366cef5e957303f350686eefcb1755efefecb55c3dde293cadb80d177b775f3fff4810bd85c371b3929a
SSDEEP

6144:OwWv8jqFk7qFoQudlhiP5+6yCtfGiIAZFG:Ofvb2QudeYr0F

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  97f819d82f3d8c6aae25800d42e5ea8c20f95c1ad91e1fd99fc90a04d3eed380
- Size
  
  420KB
- MD5
  
  1bedc8a136bc6e12640b663abfe57b8c
- SHA1
  
  165caa414a7281d154c5348bc7181ef1c47b612f
- SHA256
  
  97f819d82f3d8c6aae25800d42e5ea8c20f95c1ad91e1fd99fc90a04d3eed380
- SHA512
  
  2274a2ced935c01977ce38fd1e061c190b79cbeec21f366cef5e957303f350686eefcb1755efefecb55c3dde293cadb80d177b775f3fff4810bd85c371b3929a
- SSDEEP
  
  6144:OwWv8jqFk7qFoQudlhiP5+6yCtfGiIAZFG:Ofvb2QudeYr0F
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence