291578f6bdbdf197ba2f1d6c0f1bf946b52ebaf511c07d6b42c5af849f381ff9 | Triage

Sharing

General

Target

291578f6bdbdf197ba2f1d6c0f1bf946b52ebaf511c07d6b42c5af849f381ff9
Size

360KB
Sample

221207-dek45ahe79
MD5

9b33c7b0f0f82db2a8a5bf788d06f312
SHA1

e4182c7ab7dde2b295df5b1153a40f2f6cf55355
SHA256

291578f6bdbdf197ba2f1d6c0f1bf946b52ebaf511c07d6b42c5af849f381ff9
SHA512

d484a57f310e362ebb282519f798ad37001a72bb42ba5e3f1a125c673dff8d07d2a60bed4a103c20289519ebf2e6a06d925071d4d816b6a089733b3edc609c39
SSDEEP

6144:IOTTAVpf7Z6r4UZN6tj3tj1PQxD4b8/RqIsSp7ibX6Z9+vwT4jw:2VpfNrUZN6tj9sD4b8/EIsSp7ibX6ZEu

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  291578f6bdbdf197ba2f1d6c0f1bf946b52ebaf511c07d6b42c5af849f381ff9
- Size
  
  360KB
- MD5
  
  9b33c7b0f0f82db2a8a5bf788d06f312
- SHA1
  
  e4182c7ab7dde2b295df5b1153a40f2f6cf55355
- SHA256
  
  291578f6bdbdf197ba2f1d6c0f1bf946b52ebaf511c07d6b42c5af849f381ff9
- SHA512
  
  d484a57f310e362ebb282519f798ad37001a72bb42ba5e3f1a125c673dff8d07d2a60bed4a103c20289519ebf2e6a06d925071d4d816b6a089733b3edc609c39
- SSDEEP
  
  6144:IOTTAVpf7Z6r4UZN6tj3tj1PQxD4b8/RqIsSp7ibX6Z9+vwT4jw:2VpfNrUZN6tj9sD4b8/EIsSp7ibX6ZEu
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence