a1d789ade8c05c900d6b42c3c09777f80c5303c7f49720c435812aae7e1d95f1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a1d789ade8c05c900d6b42c3c09777f80c5303c7f49720c435812aae7e1d95f1
Size

280KB
Sample

221206-abcf2aab95
MD5

bd22b643e03592840113f19da05c4dda
SHA1

3c267f05e23e176d075e7166e465a131808eb63c
SHA256

a1d789ade8c05c900d6b42c3c09777f80c5303c7f49720c435812aae7e1d95f1
SHA512

8a045a008a57ebed86fd72c80197de8cf1dc6365168bf62d5522ed7755ba860f38ed4b563fca23d5d1a94d4cfd57a36018d2209269a2cf5e70400686706c3ee0
SSDEEP

6144:oEdG6ACe0K/fObT/bGiWr4YNUeLXKr96Ikd/FwJFBizYu90k36x:HdGT0K/fObT/bGiCOrUIkZFMizYu90E6

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a1d789ade8c05c900d6b42c3c09777f80c5303c7f49720c435812aae7e1d95f1
- Size
  
  280KB
- MD5
  
  bd22b643e03592840113f19da05c4dda
- SHA1
  
  3c267f05e23e176d075e7166e465a131808eb63c
- SHA256
  
  a1d789ade8c05c900d6b42c3c09777f80c5303c7f49720c435812aae7e1d95f1
- SHA512
  
  8a045a008a57ebed86fd72c80197de8cf1dc6365168bf62d5522ed7755ba860f38ed4b563fca23d5d1a94d4cfd57a36018d2209269a2cf5e70400686706c3ee0
- SSDEEP
  
  6144:oEdG6ACe0K/fObT/bGiWr4YNUeLXKr96Ikd/FwJFBizYu90k36x:HdGT0K/fObT/bGiCOrUIkZFMizYu90E6
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence