9ca1e27b3012838bc2dbe65549ecf0b9b37c23dbd554b337f005d8ee665d9641 | Triage

Sharing

General

Target

9ca1e27b3012838bc2dbe65549ecf0b9b37c23dbd554b337f005d8ee665d9641
Size

336KB
Sample

221206-aatnxsab65
MD5

472415f5fa15d1c6e8584864a625bd90
SHA1

787f9d20666e1cee11f8b05e764cb9ff8703dabf
SHA256

9ca1e27b3012838bc2dbe65549ecf0b9b37c23dbd554b337f005d8ee665d9641
SHA512

77234a013b41e239d7b6ce407b7561b2aee5b76fc62b79675b9b4888e153c4eeee9174b7bc0deab59471a6fb60e3ab90502a753625772e6361ea88440ebb4c1a
SSDEEP

6144:IYXkpYGCleWt3LFCmwg1HGTs7mObLLWtXi3TqWy:Ijd+mTs7lLLuXik

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  9ca1e27b3012838bc2dbe65549ecf0b9b37c23dbd554b337f005d8ee665d9641
- Size
  
  336KB
- MD5
  
  472415f5fa15d1c6e8584864a625bd90
- SHA1
  
  787f9d20666e1cee11f8b05e764cb9ff8703dabf
- SHA256
  
  9ca1e27b3012838bc2dbe65549ecf0b9b37c23dbd554b337f005d8ee665d9641
- SHA512
  
  77234a013b41e239d7b6ce407b7561b2aee5b76fc62b79675b9b4888e153c4eeee9174b7bc0deab59471a6fb60e3ab90502a753625772e6361ea88440ebb4c1a
- SSDEEP
  
  6144:IYXkpYGCleWt3LFCmwg1HGTs7mObLLWtXi3TqWy:Ijd+mTs7lLLuXik
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence