4c9dc82942e471a390560ef767dd713c9739fa39bea187b69c0f1303135cdd8c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c9dc82942e471a390560ef767dd713c9739fa39bea187b69c0f1303135cdd8c
Size

224KB
Sample

221207-dzp9ksbc99
MD5

d8717d18385b08021508ea82e2944f57
SHA1

506b38ca85a95d72ebc0b057ac7335fa65094cc9
SHA256

4c9dc82942e471a390560ef767dd713c9739fa39bea187b69c0f1303135cdd8c
SHA512

419aaf32f4333114c2b4694f5d5cfe3cf3c379926149021d32dca658c9d74e772ec7cae0ecf49436934b716559390b041962a8f6a94c517ca42fb25e4817c1c0
SSDEEP

6144:nXcnML+sV98pUnrnbK4bGRgyXuans8oCF9v:X9Lc2nrbK/RgyXuQs8oC

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4c9dc82942e471a390560ef767dd713c9739fa39bea187b69c0f1303135cdd8c
- Size
  
  224KB
- MD5
  
  d8717d18385b08021508ea82e2944f57
- SHA1
  
  506b38ca85a95d72ebc0b057ac7335fa65094cc9
- SHA256
  
  4c9dc82942e471a390560ef767dd713c9739fa39bea187b69c0f1303135cdd8c
- SHA512
  
  419aaf32f4333114c2b4694f5d5cfe3cf3c379926149021d32dca658c9d74e772ec7cae0ecf49436934b716559390b041962a8f6a94c517ca42fb25e4817c1c0
- SSDEEP
  
  6144:nXcnML+sV98pUnrnbK4bGRgyXuans8oCF9v:X9Lc2nrbK/RgyXuQs8oC
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence