3cb5bf08867a40352a71dc0e5021ad1d40a2aa41b5bc9f4e9bf258102f7f951a | Triage

Sharing

General

Target

3cb5bf08867a40352a71dc0e5021ad1d40a2aa41b5bc9f4e9bf258102f7f951a
Size

216KB
Sample

221207-c9fbpaha66
MD5

f4b74eb341ba1ee857bb8086d61b3616
SHA1

1581b0f29b15fe0ae4e9c95c389e302516d07840
SHA256

3cb5bf08867a40352a71dc0e5021ad1d40a2aa41b5bc9f4e9bf258102f7f951a
SHA512

88006d4fbb7bd2129076e14ce57ec64ea7b015dd0e494f4ce88ab1b1f2aafdb010d47ec76ea39fc29f27cfcafef310572bd8b37ce5909705d49730caf588bc56
SSDEEP

3072:H8Tm79SHMdHgJTKMN6K/iAKRNamLFa8cstJfQb/y:OMxGKMN66iA/Utum

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3cb5bf08867a40352a71dc0e5021ad1d40a2aa41b5bc9f4e9bf258102f7f951a
- Size
  
  216KB
- MD5
  
  f4b74eb341ba1ee857bb8086d61b3616
- SHA1
  
  1581b0f29b15fe0ae4e9c95c389e302516d07840
- SHA256
  
  3cb5bf08867a40352a71dc0e5021ad1d40a2aa41b5bc9f4e9bf258102f7f951a
- SHA512
  
  88006d4fbb7bd2129076e14ce57ec64ea7b015dd0e494f4ce88ab1b1f2aafdb010d47ec76ea39fc29f27cfcafef310572bd8b37ce5909705d49730caf588bc56
- SSDEEP
  
  3072:H8Tm79SHMdHgJTKMN6K/iAKRNamLFa8cstJfQb/y:OMxGKMN66iA/Utum
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence