cb9d75450cb56a8edac9fa1bf5fbfab9157452838322a9724c0574258969f188 | Triage

Sharing

General

Target

cb9d75450cb56a8edac9fa1bf5fbfab9157452838322a9724c0574258969f188
Size

228KB
Sample

221205-xjgr2sad2v
MD5

dc06aac5a1526bac3df5e19d35d8372e
SHA1

b7239cec67a63195de9dfbbf8163f3eef95a0c2c
SHA256

cb9d75450cb56a8edac9fa1bf5fbfab9157452838322a9724c0574258969f188
SHA512

541929606651a22db659dfdd8da516342993c5bc59065dce632ee3b024aec47f4f2b278989c275cf21777f6e4f64a050b7452da25c4d7a5b2094240076eab81c
SSDEEP

6144:6KhR3dwqsNy5ibpNjl4EqxF6snji81RUinKIC4:/hddQxl4

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  cb9d75450cb56a8edac9fa1bf5fbfab9157452838322a9724c0574258969f188
- Size
  
  228KB
- MD5
  
  dc06aac5a1526bac3df5e19d35d8372e
- SHA1
  
  b7239cec67a63195de9dfbbf8163f3eef95a0c2c
- SHA256
  
  cb9d75450cb56a8edac9fa1bf5fbfab9157452838322a9724c0574258969f188
- SHA512
  
  541929606651a22db659dfdd8da516342993c5bc59065dce632ee3b024aec47f4f2b278989c275cf21777f6e4f64a050b7452da25c4d7a5b2094240076eab81c
- SSDEEP
  
  6144:6KhR3dwqsNy5ibpNjl4EqxF6snji81RUinKIC4:/hddQxl4
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence