b314e822198e598afcf73a976471ede7a12aae6e658a2be822a222421c4e8fa1 | Triage

Sharing

General

Target

b314e822198e598afcf73a976471ede7a12aae6e658a2be822a222421c4e8fa1
Size

296KB
Sample

221205-xh3ywsfc58
MD5

16f38e497750cc5f0577f99f41a92957
SHA1

e3a4efca66bc3bfe4f55bbc78af827deade00c2b
SHA256

b314e822198e598afcf73a976471ede7a12aae6e658a2be822a222421c4e8fa1
SHA512

c428d251a261b4059292d1840d14cc918546c525d1434093d2bbf4d7e863482fb96be042f6353a1fecbd6198c8693105540ec5b89f706c737d1ffdad0f4010ec
SSDEEP

6144:L2UFRxtJcCC2lfKgO32mO1IdifegrSQOJMmSnxtAPUWJj9/P/oEAlu9UY6L6P:LLtTCqmjZHJFnPnp6l2UuP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b314e822198e598afcf73a976471ede7a12aae6e658a2be822a222421c4e8fa1
- Size
  
  296KB
- MD5
  
  16f38e497750cc5f0577f99f41a92957
- SHA1
  
  e3a4efca66bc3bfe4f55bbc78af827deade00c2b
- SHA256
  
  b314e822198e598afcf73a976471ede7a12aae6e658a2be822a222421c4e8fa1
- SHA512
  
  c428d251a261b4059292d1840d14cc918546c525d1434093d2bbf4d7e863482fb96be042f6353a1fecbd6198c8693105540ec5b89f706c737d1ffdad0f4010ec
- SSDEEP
  
  6144:L2UFRxtJcCC2lfKgO32mO1IdifegrSQOJMmSnxtAPUWJj9/P/oEAlu9UY6L6P:LLtTCqmjZHJFnPnp6l2UuP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence