8351752e323b81d6c2bedf5fc9c6cc21e4b1ffe7f59b0bf46bc9fdf91c3137a6 | Triage

Sharing

General

Target

8351752e323b81d6c2bedf5fc9c6cc21e4b1ffe7f59b0bf46bc9fdf91c3137a6
Size

152KB
Sample

221205-mcqq9sac84
MD5

4c4c13dc7d3845dedc7c9101efe11ec5
SHA1

18332930747b1cd1cbfc8657f5719f6a89d9a6ef
SHA256

8351752e323b81d6c2bedf5fc9c6cc21e4b1ffe7f59b0bf46bc9fdf91c3137a6
SHA512

c12468200b79d11326dd7e4c34851a1c01bcb2a5163abe2d405386d85aa2da81007807ff5e914325791a4380879d33f88f0573e048456b55d297bccd97f08c5f
SSDEEP

3072:H3sJvl3Po5+tTjFqV+t3DRGCKBiAKN4oQZiERr:6Q5+t8+NDR5AWWL

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8351752e323b81d6c2bedf5fc9c6cc21e4b1ffe7f59b0bf46bc9fdf91c3137a6
- Size
  
  152KB
- MD5
  
  4c4c13dc7d3845dedc7c9101efe11ec5
- SHA1
  
  18332930747b1cd1cbfc8657f5719f6a89d9a6ef
- SHA256
  
  8351752e323b81d6c2bedf5fc9c6cc21e4b1ffe7f59b0bf46bc9fdf91c3137a6
- SHA512
  
  c12468200b79d11326dd7e4c34851a1c01bcb2a5163abe2d405386d85aa2da81007807ff5e914325791a4380879d33f88f0573e048456b55d297bccd97f08c5f
- SSDEEP
  
  3072:H3sJvl3Po5+tTjFqV+t3DRGCKBiAKN4oQZiERr:6Q5+t8+NDR5AWWL
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence