92ffc602883a88c9990ca947980f941987813412c0746050cf4c86c2872cbf3f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

92ffc602883a88c9990ca947980f941987813412c0746050cf4c86c2872cbf3f
Size

276KB
Sample

221205-lp4yzsgb34
MD5

0af5789e9bdb2a01d155406cc7881ef0
SHA1

d1a8a15913a6f1f4086501a4eccd11a061c92612
SHA256

92ffc602883a88c9990ca947980f941987813412c0746050cf4c86c2872cbf3f
SHA512

e11624190e095ebeef31026a2b813eb93d1d22e822fe93948917cb7422cdb5153de6d57b5135f7846898fdd984c8025589150c539ce673d5c2475cfb1f555c7e
SSDEEP

6144:tUmkhRQaX/m7bfTWaxAQ9aLb+Kf6+2/MKsjh9Bqas5Ti3q/VlgAd:thkhRQaX/m7bfTWaVKf52/MKsjh90aQB

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  92ffc602883a88c9990ca947980f941987813412c0746050cf4c86c2872cbf3f
- Size
  
  276KB
- MD5
  
  0af5789e9bdb2a01d155406cc7881ef0
- SHA1
  
  d1a8a15913a6f1f4086501a4eccd11a061c92612
- SHA256
  
  92ffc602883a88c9990ca947980f941987813412c0746050cf4c86c2872cbf3f
- SHA512
  
  e11624190e095ebeef31026a2b813eb93d1d22e822fe93948917cb7422cdb5153de6d57b5135f7846898fdd984c8025589150c539ce673d5c2475cfb1f555c7e
- SSDEEP
  
  6144:tUmkhRQaX/m7bfTWaxAQ9aLb+Kf6+2/MKsjh9Bqas5Ti3q/VlgAd:thkhRQaX/m7bfTWaVKf52/MKsjh90aQB
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence