c0eed98b9911c58d06d8474b0dd8e3148e779fdbe2ed6260883661f102681719 | Triage

Sharing

General

Target

c0eed98b9911c58d06d8474b0dd8e3148e779fdbe2ed6260883661f102681719
Size

148KB
Sample

221207-c29kkaba3v
MD5

62d5bdbe523eddf256a7c53d87d13306
SHA1

a3c6c3a8cd0652e33b11d5ed747761612d7b4c98
SHA256

c0eed98b9911c58d06d8474b0dd8e3148e779fdbe2ed6260883661f102681719
SHA512

87da4e78285242614e2a76259df7732bbbb02090febc75495c857635dbe38aa0601c41d8519ca3742105c41641b621c7e312b7dc744608ffa6328d0010c60671
SSDEEP

1536:ho9LwOf4BlqPAKbxnX+PBcRlouQvSPouXZ6D6Jj5wl+dwCMZUbP7v2YhxYAZxZCZ:uWKalqPpF+Pco6ouZ68Kl+dnMZUbRi

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c0eed98b9911c58d06d8474b0dd8e3148e779fdbe2ed6260883661f102681719
- Size
  
  148KB
- MD5
  
  62d5bdbe523eddf256a7c53d87d13306
- SHA1
  
  a3c6c3a8cd0652e33b11d5ed747761612d7b4c98
- SHA256
  
  c0eed98b9911c58d06d8474b0dd8e3148e779fdbe2ed6260883661f102681719
- SHA512
  
  87da4e78285242614e2a76259df7732bbbb02090febc75495c857635dbe38aa0601c41d8519ca3742105c41641b621c7e312b7dc744608ffa6328d0010c60671
- SSDEEP
  
  1536:ho9LwOf4BlqPAKbxnX+PBcRlouQvSPouXZ6D6Jj5wl+dwCMZUbP7v2YhxYAZxZCZ:uWKalqPpF+Pco6ouZ68Kl+dnMZUbRi
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence