bbea0f9fffb90967c5d778d5b580f9d86135e2f080345843920486658488fa1a | Triage

Sharing

General

Target

bbea0f9fffb90967c5d778d5b580f9d86135e2f080345843920486658488fa1a
Size

80KB
Sample

221205-myjvvafh9y
MD5

3a4d8dc36f3da894862ed51a24ee8f7f
SHA1

1efe247fdc7946983d1f589de70babeca50f14eb
SHA256

bbea0f9fffb90967c5d778d5b580f9d86135e2f080345843920486658488fa1a
SHA512

9b1f92b2c025f4e80345d7699dcf86517bf6678a55c203e59ab56f98daf2183859fcfb370693bb83af92cea1637dbea9da54e149c6ce18f97e842c6658ed2e2b
SSDEEP

1536:kXmto4DFyF8e/O+TtSv6DhjFEA5n6qtvmzrRptAi858J8MGu143i6E5T:G4nNT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  bbea0f9fffb90967c5d778d5b580f9d86135e2f080345843920486658488fa1a
- Size
  
  80KB
- MD5
  
  3a4d8dc36f3da894862ed51a24ee8f7f
- SHA1
  
  1efe247fdc7946983d1f589de70babeca50f14eb
- SHA256
  
  bbea0f9fffb90967c5d778d5b580f9d86135e2f080345843920486658488fa1a
- SHA512
  
  9b1f92b2c025f4e80345d7699dcf86517bf6678a55c203e59ab56f98daf2183859fcfb370693bb83af92cea1637dbea9da54e149c6ce18f97e842c6658ed2e2b
- SSDEEP
  
  1536:kXmto4DFyF8e/O+TtSv6DhjFEA5n6qtvmzrRptAi858J8MGu143i6E5T:G4nNT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence