1cb322d6355fdc2499e181422e981aad9815e9b779a8e5dd514abcb01c3b5e91 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1cb322d6355fdc2499e181422e981aad9815e9b779a8e5dd514abcb01c3b5e91
Size

128KB
Sample

221207-depsbacb8t
MD5

03a9254a2e7e8e279b777edf3efb0bad
SHA1

bfbf72837913a963410acc01efba0c453b067b7b
SHA256

1cb322d6355fdc2499e181422e981aad9815e9b779a8e5dd514abcb01c3b5e91
SHA512

eb9cfac732f3136efeca2aac3094acdb9babefc811f558a94efb662f5473b2cd7380e12df00ef54d475735fe59480c2235c6cfb02ba0e857cc0108ce249674cf
SSDEEP

3072:6OYyjGDDIuHbomqIQ7Dq7E0zQLQTAEeP0:6PIu7XqIAq7E0zQLgAEB

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1cb322d6355fdc2499e181422e981aad9815e9b779a8e5dd514abcb01c3b5e91
- Size
  
  128KB
- MD5
  
  03a9254a2e7e8e279b777edf3efb0bad
- SHA1
  
  bfbf72837913a963410acc01efba0c453b067b7b
- SHA256
  
  1cb322d6355fdc2499e181422e981aad9815e9b779a8e5dd514abcb01c3b5e91
- SHA512
  
  eb9cfac732f3136efeca2aac3094acdb9babefc811f558a94efb662f5473b2cd7380e12df00ef54d475735fe59480c2235c6cfb02ba0e857cc0108ce249674cf
- SSDEEP
  
  3072:6OYyjGDDIuHbomqIQ7Dq7E0zQLQTAEeP0:6PIu7XqIAq7E0zQLgAEB
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence