5552c3d75e185de08d678e46cdb3def8c188132aa6b8e548856dbfe0db62f659 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5552c3d75e185de08d678e46cdb3def8c188132aa6b8e548856dbfe0db62f659
Size

220KB
Sample

221207-dqpaxsae95
MD5

88a95af0e1a910cdab56d20a8779502e
SHA1

38013d90a8beaad16937d1220a0bac6687a54082
SHA256

5552c3d75e185de08d678e46cdb3def8c188132aa6b8e548856dbfe0db62f659
SHA512

f78d160504a345672150d3d42bf873fce4f8694e096acc01d4dcb1e6c200d0d24e162fec38d26c36c3e2d6328d549568389a65a4f3bb19a3a121c08eacd9dc60
SSDEEP

3072:r29AcBKwcyAHtyU472ydts1Vsd0WpPGFobtkBdk3ENwG:0tR6EUEts1VseWpPGFobC3k3ENn

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5552c3d75e185de08d678e46cdb3def8c188132aa6b8e548856dbfe0db62f659
- Size
  
  220KB
- MD5
  
  88a95af0e1a910cdab56d20a8779502e
- SHA1
  
  38013d90a8beaad16937d1220a0bac6687a54082
- SHA256
  
  5552c3d75e185de08d678e46cdb3def8c188132aa6b8e548856dbfe0db62f659
- SHA512
  
  f78d160504a345672150d3d42bf873fce4f8694e096acc01d4dcb1e6c200d0d24e162fec38d26c36c3e2d6328d549568389a65a4f3bb19a3a121c08eacd9dc60
- SSDEEP
  
  3072:r29AcBKwcyAHtyU472ydts1Vsd0WpPGFobtkBdk3ENwG:0tR6EUEts1VseWpPGFobC3k3ENn
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence