d2bfd324dc371bc9eb05b139d2316ef4783f442dbc5cfa8f46254ddae2fe8c02 | Triage

Sharing

General

Target

d2bfd324dc371bc9eb05b139d2316ef4783f442dbc5cfa8f46254ddae2fe8c02
Size

244KB
Sample

221207-c16saagc95
MD5

05158b2e7d342401c0621acf5dfb5a50
SHA1

565771de5ea39891ab8d9f5a45409fcfed0b949e
SHA256

d2bfd324dc371bc9eb05b139d2316ef4783f442dbc5cfa8f46254ddae2fe8c02
SHA512

21c86a3c380541f3409d841e937f90a41789581d08428d0d154bc6edcd7262b265900849c8d28629c2def210982917c6baa6ff56de7babe1c67e9c1137f66f51
SSDEEP

6144:QxA6HaxXtLsgh1dbPOT3zJ1dYFwmPFmPQNCCTC7cX9qr27dOFFPqkdv:QTG1dbPOT3dGwmjqrwdWic

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d2bfd324dc371bc9eb05b139d2316ef4783f442dbc5cfa8f46254ddae2fe8c02
- Size
  
  244KB
- MD5
  
  05158b2e7d342401c0621acf5dfb5a50
- SHA1
  
  565771de5ea39891ab8d9f5a45409fcfed0b949e
- SHA256
  
  d2bfd324dc371bc9eb05b139d2316ef4783f442dbc5cfa8f46254ddae2fe8c02
- SHA512
  
  21c86a3c380541f3409d841e937f90a41789581d08428d0d154bc6edcd7262b265900849c8d28629c2def210982917c6baa6ff56de7babe1c67e9c1137f66f51
- SSDEEP
  
  6144:QxA6HaxXtLsgh1dbPOT3zJ1dYFwmPFmPQNCCTC7cX9qr27dOFFPqkdv:QTG1dbPOT3dGwmjqrwdWic
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence