c59a67225b3d75a37ed47970e81481e17d7a3ada10377e307653d42f6d07cad1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c59a67225b3d75a37ed47970e81481e17d7a3ada10377e307653d42f6d07cad1
Size

244KB
Sample

221207-d4p5dabf95
MD5

5b8b3f208716d8ac00aabde4819cf13d
SHA1

4764a2a50bd7fd573a8ccd79cf4cac0627c4498c
SHA256

c59a67225b3d75a37ed47970e81481e17d7a3ada10377e307653d42f6d07cad1
SHA512

e0026073281ff664f6d4d3cc19e3a1c755b6b6b1edd6222e92c68ddf02eba950c3c3b5794e433b1ff658c97e0a28b24c98beb51ce1b379473bf0e0cc7f28a283
SSDEEP

3072:N8bX9GXuWIKC2JMOj//FfyF5Hdreo1ygiYdWvk6CAxD34:NO0CcMg/dfyFHreo1ygiycb

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c59a67225b3d75a37ed47970e81481e17d7a3ada10377e307653d42f6d07cad1
- Size
  
  244KB
- MD5
  
  5b8b3f208716d8ac00aabde4819cf13d
- SHA1
  
  4764a2a50bd7fd573a8ccd79cf4cac0627c4498c
- SHA256
  
  c59a67225b3d75a37ed47970e81481e17d7a3ada10377e307653d42f6d07cad1
- SHA512
  
  e0026073281ff664f6d4d3cc19e3a1c755b6b6b1edd6222e92c68ddf02eba950c3c3b5794e433b1ff658c97e0a28b24c98beb51ce1b379473bf0e0cc7f28a283
- SSDEEP
  
  3072:N8bX9GXuWIKC2JMOj//FfyF5Hdreo1ygiYdWvk6CAxD34:NO0CcMg/dfyFHreo1ygiycb
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence