563e3d9c4620e28b2f1dcf3b3734b213468700962913aae9e93d05c455bcff18 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

563e3d9c4620e28b2f1dcf3b3734b213468700962913aae9e93d05c455bcff18
Size

248KB
Sample

221205-lyh3wacg3s
MD5

6469f90509c674f0fb96470666293471
SHA1

0a541c2d371a96f26cb39230709d2def4ecfbb91
SHA256

563e3d9c4620e28b2f1dcf3b3734b213468700962913aae9e93d05c455bcff18
SHA512

6b34d2c179e92e37bb00011c77f66234f5d297a24b47f24abfa34aee48b80b5ac8eab25adb8d21b1a300627784815b6cbb4db8dfddf058780d869d29799d12b5
SSDEEP

6144:5i+XHjcH9MSmzaVZz8rRoo681RV+b3Fa81wkrX++98WSAelGo8hcwTLGh4:5iTdnmzthTQTgpkrOoj

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  563e3d9c4620e28b2f1dcf3b3734b213468700962913aae9e93d05c455bcff18
- Size
  
  248KB
- MD5
  
  6469f90509c674f0fb96470666293471
- SHA1
  
  0a541c2d371a96f26cb39230709d2def4ecfbb91
- SHA256
  
  563e3d9c4620e28b2f1dcf3b3734b213468700962913aae9e93d05c455bcff18
- SHA512
  
  6b34d2c179e92e37bb00011c77f66234f5d297a24b47f24abfa34aee48b80b5ac8eab25adb8d21b1a300627784815b6cbb4db8dfddf058780d869d29799d12b5
- SSDEEP
  
  6144:5i+XHjcH9MSmzaVZz8rRoo681RV+b3Fa81wkrX++98WSAelGo8hcwTLGh4:5iTdnmzthTQTgpkrOoj
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence