a90d0c09a3a7c6c93156fb96c53327fb974ceef500f77456f0761aec3ad2c5ba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a90d0c09a3a7c6c93156fb96c53327fb974ceef500f77456f0761aec3ad2c5ba
Size

124KB
Sample

221205-y6rffada68
MD5

4317f91218e9d6233d652e25ee953292
SHA1

7b5fe4a11671e66f72d601325baca69b86d1eb25
SHA256

a90d0c09a3a7c6c93156fb96c53327fb974ceef500f77456f0761aec3ad2c5ba
SHA512

c608a1e4b4dbeb39ac635f2a7b43731d2768329a6e110856730e4fd1e53b03cd5fc21dbda44af75e6ad231793069ae9ccb01f45516965f02a9d4f63e1d25afbf
SSDEEP

1536:rOtkjETQRHU0GgAJa0P1kNmKldCMhdu8KWP/nTn8nBP9VeMNeG0h/E:AkjjRHU0GgAT9gM

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a90d0c09a3a7c6c93156fb96c53327fb974ceef500f77456f0761aec3ad2c5ba
- Size
  
  124KB
- MD5
  
  4317f91218e9d6233d652e25ee953292
- SHA1
  
  7b5fe4a11671e66f72d601325baca69b86d1eb25
- SHA256
  
  a90d0c09a3a7c6c93156fb96c53327fb974ceef500f77456f0761aec3ad2c5ba
- SHA512
  
  c608a1e4b4dbeb39ac635f2a7b43731d2768329a6e110856730e4fd1e53b03cd5fc21dbda44af75e6ad231793069ae9ccb01f45516965f02a9d4f63e1d25afbf
- SSDEEP
  
  1536:rOtkjETQRHU0GgAJa0P1kNmKldCMhdu8KWP/nTn8nBP9VeMNeG0h/E:AkjjRHU0GgAT9gM
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence