0957f469311dd4c0b3c7d578fb664730271f46d093084e6841013bac16e457a3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0957f469311dd4c0b3c7d578fb664730271f46d093084e6841013bac16e457a3
Size

139KB
Sample

221206-aa77bach9v
MD5

513b2a00bb89020e0dfaa8acf04e8aa5
SHA1

0391a4c4bd9d9df4c08e31d5fa9978dbcd722030
SHA256

0957f469311dd4c0b3c7d578fb664730271f46d093084e6841013bac16e457a3
SHA512

ff311e3c6b87ea9e6145b8d5e61e77ec2a069559caa49c92146e132e9dfedc212379e28c83a54511ec2019409e9a8c1c2bb65499e664220c240c04d36472ae92
SSDEEP

3072:FH9G2LrUPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVHLG:Z9RLeoIDbByGPMsMPTu

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0957f469311dd4c0b3c7d578fb664730271f46d093084e6841013bac16e457a3
- Size
  
  139KB
- MD5
  
  513b2a00bb89020e0dfaa8acf04e8aa5
- SHA1
  
  0391a4c4bd9d9df4c08e31d5fa9978dbcd722030
- SHA256
  
  0957f469311dd4c0b3c7d578fb664730271f46d093084e6841013bac16e457a3
- SHA512
  
  ff311e3c6b87ea9e6145b8d5e61e77ec2a069559caa49c92146e132e9dfedc212379e28c83a54511ec2019409e9a8c1c2bb65499e664220c240c04d36472ae92
- SSDEEP
  
  3072:FH9G2LrUPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVHLG:Z9RLeoIDbByGPMsMPTu
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence