fd03418ec5556bc33756d13517a68cd00ed8d2eba257e358ade3afeaa5cc7a45 | Triage

Sharing

General

Target

fd03418ec5556bc33756d13517a68cd00ed8d2eba257e358ade3afeaa5cc7a45
Size

104KB
Sample

221206-lrt7kaaa9x
MD5

f54aa645b49e95ff669476879c1777f4
SHA1

1ffc5fbf74d0f4e1d9dd10f0e9301d69fba8a5b3
SHA256

fd03418ec5556bc33756d13517a68cd00ed8d2eba257e358ade3afeaa5cc7a45
SHA512

e824442918a9e47366f93472edf2ee0416029672037d16691fca09cb8af1115e374435f0246af87e2c3f0093eb26719213de529569a925ef2d84dbf9fcd32b93
SSDEEP

1536:W6VFL/lgjJ8i4yS6XycDEJfNOPcDGwmgRouYmvqwMewT/0Xu+b5krpNIjnZ0:RNi4yXXyccm/3iu+b8Cni

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fd03418ec5556bc33756d13517a68cd00ed8d2eba257e358ade3afeaa5cc7a45
- Size
  
  104KB
- MD5
  
  f54aa645b49e95ff669476879c1777f4
- SHA1
  
  1ffc5fbf74d0f4e1d9dd10f0e9301d69fba8a5b3
- SHA256
  
  fd03418ec5556bc33756d13517a68cd00ed8d2eba257e358ade3afeaa5cc7a45
- SHA512
  
  e824442918a9e47366f93472edf2ee0416029672037d16691fca09cb8af1115e374435f0246af87e2c3f0093eb26719213de529569a925ef2d84dbf9fcd32b93
- SSDEEP
  
  1536:W6VFL/lgjJ8i4yS6XycDEJfNOPcDGwmgRouYmvqwMewT/0Xu+b5krpNIjnZ0:RNi4yXXyccm/3iu+b8Cni
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence