a657608d2845ec97e84a495e70e3a83ec6e337b9d0784c5381394735619b52d3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a657608d2845ec97e84a495e70e3a83ec6e337b9d0784c5381394735619b52d3
Size

100KB
Sample

221205-y52j1sga2v
MD5

41904fb9a6a82c0dff97b21d89f4f422
SHA1

0e9c191c30f00cdb724e454a79bea861142ea9cd
SHA256

a657608d2845ec97e84a495e70e3a83ec6e337b9d0784c5381394735619b52d3
SHA512

0ec7857cefeb2bbc4cdc7e47274383a3be420d935b04614cbd35c9d1590289836fe48d2484aae0c524d244a46a4370366945d1405a2ddf671988ccd76ee483bb
SSDEEP

1536:kEt0d82NTdweBLGZcYADZPU1+73BD88b0nyLNIjnZrJ:cweggZPUQJLCnlJ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a657608d2845ec97e84a495e70e3a83ec6e337b9d0784c5381394735619b52d3
- Size
  
  100KB
- MD5
  
  41904fb9a6a82c0dff97b21d89f4f422
- SHA1
  
  0e9c191c30f00cdb724e454a79bea861142ea9cd
- SHA256
  
  a657608d2845ec97e84a495e70e3a83ec6e337b9d0784c5381394735619b52d3
- SHA512
  
  0ec7857cefeb2bbc4cdc7e47274383a3be420d935b04614cbd35c9d1590289836fe48d2484aae0c524d244a46a4370366945d1405a2ddf671988ccd76ee483bb
- SSDEEP
  
  1536:kEt0d82NTdweBLGZcYADZPU1+73BD88b0nyLNIjnZrJ:cweggZPUQJLCnlJ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence