c81849a7cdc5e54b76d0e4c09764747b1f0698c54f7a2dbfc39135d76c0c49f0 | Triage

Sharing

General

Target

c81849a7cdc5e54b76d0e4c09764747b1f0698c54f7a2dbfc39135d76c0c49f0
Size

256KB
Sample

221207-deemcacb6x
MD5

20f3e50ea5ecd62a25b41ca48226fe10
SHA1

8af0ab6827ee148b600954feeda31312d3e6d270
SHA256

c81849a7cdc5e54b76d0e4c09764747b1f0698c54f7a2dbfc39135d76c0c49f0
SHA512

f88be180bee3a81467ccdc01e26b9c6de6ac70810ced3b3a87e03906978483e5b1ccb305ca5007f31d1172f1b3a29e49746ebd4459699c72dd06f27590c7b463
SSDEEP

6144:T6lRa0wxtGUjk+UHAS3+qipkW9WHa2xUsKjVx5LK6HX36X6xv76gcBRSUPD4A:T6lc0wTGUjk//3+qEkW9WHa2xUsKjVxi

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c81849a7cdc5e54b76d0e4c09764747b1f0698c54f7a2dbfc39135d76c0c49f0
- Size
  
  256KB
- MD5
  
  20f3e50ea5ecd62a25b41ca48226fe10
- SHA1
  
  8af0ab6827ee148b600954feeda31312d3e6d270
- SHA256
  
  c81849a7cdc5e54b76d0e4c09764747b1f0698c54f7a2dbfc39135d76c0c49f0
- SHA512
  
  f88be180bee3a81467ccdc01e26b9c6de6ac70810ced3b3a87e03906978483e5b1ccb305ca5007f31d1172f1b3a29e49746ebd4459699c72dd06f27590c7b463
- SSDEEP
  
  6144:T6lRa0wxtGUjk+UHAS3+qipkW9WHa2xUsKjVx5LK6HX36X6xv76gcBRSUPD4A:T6lc0wTGUjk//3+qEkW9WHa2xUsKjVxi
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence