f31559027c834b7f9091284080fed0a722546ec1df26d73c7277c0ec8eb26c64 | Triage

Sharing

General

Target

f31559027c834b7f9091284080fed0a722546ec1df26d73c7277c0ec8eb26c64
Size

168KB
Sample

221205-mcvefsac89
MD5

292a0b24c22bf5199cd6c21040ab2652
SHA1

ebcd7aecd3408ca728c045ddc942128e7861aa3e
SHA256

f31559027c834b7f9091284080fed0a722546ec1df26d73c7277c0ec8eb26c64
SHA512

841856d6276246fcf47d6d2670f503e8fb62c2bee7e1b706f80c9c42f8f4b0155e38dda241e5d2eb5e2dbd2d6dbacc535c384565f58aaf1c9ac86c713e8d2fb5
SSDEEP

3072:6hGs8zOY7SIsyvTlo/11hJl2czGRqxZdxxW9Oe:6hGDzOYiQlS1NJG6/x

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f31559027c834b7f9091284080fed0a722546ec1df26d73c7277c0ec8eb26c64
- Size
  
  168KB
- MD5
  
  292a0b24c22bf5199cd6c21040ab2652
- SHA1
  
  ebcd7aecd3408ca728c045ddc942128e7861aa3e
- SHA256
  
  f31559027c834b7f9091284080fed0a722546ec1df26d73c7277c0ec8eb26c64
- SHA512
  
  841856d6276246fcf47d6d2670f503e8fb62c2bee7e1b706f80c9c42f8f4b0155e38dda241e5d2eb5e2dbd2d6dbacc535c384565f58aaf1c9ac86c713e8d2fb5
- SSDEEP
  
  3072:6hGs8zOY7SIsyvTlo/11hJl2czGRqxZdxxW9Oe:6hGDzOYiQlS1NJG6/x
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence