a19ca331f0e84486040edc05fc2b6bbf939ba070920c915777ef19f53fdbd946 | Triage

Sharing

General

Target

a19ca331f0e84486040edc05fc2b6bbf939ba070920c915777ef19f53fdbd946
Size

300KB
Sample

221205-mk6sfseg71
MD5

418acaa864d36ee87ef50e4b56713238
SHA1

21d3f5a4c8cef05a9ec51fd5ff199b0079d82ea6
SHA256

a19ca331f0e84486040edc05fc2b6bbf939ba070920c915777ef19f53fdbd946
SHA512

e1240030346f36563874fc28348ed6d4827d9bf1b6b163fcdae681e28ffc8b4a21d3e9ca2ff403ec3d438c47263f6e8b6a94f471c5c5b82445096a022ba8d3fd
SSDEEP

3072:8UnaKfxFYx7z3pXJfvhMWKINBd/kqARk42rAzaOvZyNRQmkgXqjH5UFcjrf+HhDw:taKpFY/kJqeNhi0GTvHMww3y/IAFMs2

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a19ca331f0e84486040edc05fc2b6bbf939ba070920c915777ef19f53fdbd946
- Size
  
  300KB
- MD5
  
  418acaa864d36ee87ef50e4b56713238
- SHA1
  
  21d3f5a4c8cef05a9ec51fd5ff199b0079d82ea6
- SHA256
  
  a19ca331f0e84486040edc05fc2b6bbf939ba070920c915777ef19f53fdbd946
- SHA512
  
  e1240030346f36563874fc28348ed6d4827d9bf1b6b163fcdae681e28ffc8b4a21d3e9ca2ff403ec3d438c47263f6e8b6a94f471c5c5b82445096a022ba8d3fd
- SSDEEP
  
  3072:8UnaKfxFYx7z3pXJfvhMWKINBd/kqARk42rAzaOvZyNRQmkgXqjH5UFcjrf+HhDw:taKpFY/kJqeNhi0GTvHMww3y/IAFMs2
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence