4978755cb3fb269966cb26735cb7ea2d76f49968addd9ca77fdfdb8da9893eb2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4978755cb3fb269966cb26735cb7ea2d76f49968addd9ca77fdfdb8da9893eb2
Size

212KB
Sample

221207-c8v1rabe9v
MD5

8a756f206825eeaa98f519187b4c8cdd
SHA1

c70be9384c266ff20be998c3727d07e870a42556
SHA256

4978755cb3fb269966cb26735cb7ea2d76f49968addd9ca77fdfdb8da9893eb2
SHA512

5e0501f208783df0b1dcc3db02ef45ea9cd39b6d69b170670ee0dc3cfffd5ec3911d71d93f56d849ac63d4871e13a2d226d6f7b6d0e3b4fe9408f7eae631b1a9
SSDEEP

3072:hVbPD2g8h7kvqEbncAXp4wiY3fXfLqus2RrMh9VsgV2Ksb+ET8/3TYhPR+fA4eQU:x87kvTtdysb+dumMn

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4978755cb3fb269966cb26735cb7ea2d76f49968addd9ca77fdfdb8da9893eb2
- Size
  
  212KB
- MD5
  
  8a756f206825eeaa98f519187b4c8cdd
- SHA1
  
  c70be9384c266ff20be998c3727d07e870a42556
- SHA256
  
  4978755cb3fb269966cb26735cb7ea2d76f49968addd9ca77fdfdb8da9893eb2
- SHA512
  
  5e0501f208783df0b1dcc3db02ef45ea9cd39b6d69b170670ee0dc3cfffd5ec3911d71d93f56d849ac63d4871e13a2d226d6f7b6d0e3b4fe9408f7eae631b1a9
- SSDEEP
  
  3072:hVbPD2g8h7kvqEbncAXp4wiY3fXfLqus2RrMh9VsgV2Ksb+ET8/3TYhPR+fA4eQU:x87kvTtdysb+dumMn
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence