93b9e7ff815455345e637d712182110801770c8c0594d84c87cd76131ab27a57 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

93b9e7ff815455345e637d712182110801770c8c0594d84c87cd76131ab27a57
Size

120KB
Sample

221206-rvpzxafc72
MD5

191bb470fc2ffbe9c7921c2a013384dc
SHA1

4e9042aa4efa063843f39323ed8313c185afa010
SHA256

93b9e7ff815455345e637d712182110801770c8c0594d84c87cd76131ab27a57
SHA512

9444a7b810b3efddf3ad6666d2a458ccdc226921de9673b48d0bf3fe4aac35b1fff13f12547f7ce21094dbf968dc2cb723b4ed44595400496d7e2d5527bb87ea
SSDEEP

3072:wewCFkr13LIaYnoPMhR9HtKI0c5wB8PEN:wsI13LIn5RxIq5688

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  93b9e7ff815455345e637d712182110801770c8c0594d84c87cd76131ab27a57
- Size
  
  120KB
- MD5
  
  191bb470fc2ffbe9c7921c2a013384dc
- SHA1
  
  4e9042aa4efa063843f39323ed8313c185afa010
- SHA256
  
  93b9e7ff815455345e637d712182110801770c8c0594d84c87cd76131ab27a57
- SHA512
  
  9444a7b810b3efddf3ad6666d2a458ccdc226921de9673b48d0bf3fe4aac35b1fff13f12547f7ce21094dbf968dc2cb723b4ed44595400496d7e2d5527bb87ea
- SSDEEP
  
  3072:wewCFkr13LIaYnoPMhR9HtKI0c5wB8PEN:wsI13LIn5RxIq5688
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence