42515274a4abcb196756a0d5cf4a6f5684b9c22f9eb22d7061c639390c45a227 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42515274a4abcb196756a0d5cf4a6f5684b9c22f9eb22d7061c639390c45a227
Size

212KB
Sample

221207-drf1yadc2z
MD5

4acd3760ac35f9b490af6bbdc646bc70
SHA1

17f49995d0248b5a207bdc5fb7efc579bacb26a1
SHA256

42515274a4abcb196756a0d5cf4a6f5684b9c22f9eb22d7061c639390c45a227
SHA512

a096c279a91748099361c95a46dcb7aa682aca2b531d557cc7bc8e96bb7d4ec6e4c12f327b3949adcef9cfb36b0798f22c1b4dbed16b6a5eb0eb5fe9168909fa
SSDEEP

6144:wpQVb4rNjW1Knvmb7/D26SwVllwnlr8RMFDjsyv5cSN0uLFaXmGnsD2HjMOq0n66:wpQVb4rNS1Knvmb7/D26Ur8RMFDjsyvw

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  42515274a4abcb196756a0d5cf4a6f5684b9c22f9eb22d7061c639390c45a227
- Size
  
  212KB
- MD5
  
  4acd3760ac35f9b490af6bbdc646bc70
- SHA1
  
  17f49995d0248b5a207bdc5fb7efc579bacb26a1
- SHA256
  
  42515274a4abcb196756a0d5cf4a6f5684b9c22f9eb22d7061c639390c45a227
- SHA512
  
  a096c279a91748099361c95a46dcb7aa682aca2b531d557cc7bc8e96bb7d4ec6e4c12f327b3949adcef9cfb36b0798f22c1b4dbed16b6a5eb0eb5fe9168909fa
- SSDEEP
  
  6144:wpQVb4rNjW1Knvmb7/D26SwVllwnlr8RMFDjsyv5cSN0uLFaXmGnsD2HjMOq0n66:wpQVb4rNS1Knvmb7/D26Ur8RMFDjsyvw
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence