96c9c3e60d9c2ebdd04aec54650fc345dfab2580bd4bc9cb9fdb2f13b3c409a6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

010c22669b311216fc92e93d7ff3011c
Size

288KB
Sample

231229-xlmq3shhh6
MD5

010c22669b311216fc92e93d7ff3011c
SHA1

70f10365782d64c0004c90a1afb8540e4f3ba940
SHA256

96c9c3e60d9c2ebdd04aec54650fc345dfab2580bd4bc9cb9fdb2f13b3c409a6
SHA512

3c2f75e12966efbdae16230f3a9425aca06ee932cae2962463ec6dac33fecec99b197b2af4a080f82f8846440904aa65032aeb72cdc6102821c69f523385fe07
SSDEEP

3072:DG8/TIShJdiYTOEcIlJ+k433GZ+cQRA7oTRCSAGjcc2zWm7/O2JN7RSNQBXiM:riDEgnq+xRA7b4l23NEN4J

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  010c22669b311216fc92e93d7ff3011c
- Size
  
  288KB
- MD5
  
  010c22669b311216fc92e93d7ff3011c
- SHA1
  
  70f10365782d64c0004c90a1afb8540e4f3ba940
- SHA256
  
  96c9c3e60d9c2ebdd04aec54650fc345dfab2580bd4bc9cb9fdb2f13b3c409a6
- SHA512
  
  3c2f75e12966efbdae16230f3a9425aca06ee932cae2962463ec6dac33fecec99b197b2af4a080f82f8846440904aa65032aeb72cdc6102821c69f523385fe07
- SSDEEP
  
  3072:DG8/TIShJdiYTOEcIlJ+k433GZ+cQRA7oTRCSAGjcc2zWm7/O2JN7RSNQBXiM:riDEgnq+xRA7b4l23NEN4J
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence