ff18bd17d818e81800acba7c65abef03e873d92aec882332468f4f66313b4804 | Triage

Sharing

General

Target

21539bc29b75eba7f203c6dfbad6f111
Size

268KB
Sample

231231-aj6pvaecb6
MD5

21539bc29b75eba7f203c6dfbad6f111
SHA1

ec7c4ffe8d1b749e721c749167bc89ec72776bfe
SHA256

ff18bd17d818e81800acba7c65abef03e873d92aec882332468f4f66313b4804
SHA512

32b0340174167cc77046e2a006038cb698595c805b2ea92cda32f2b7ec47e54e1ea1f8a1e67f50bc3e13fef69823f6bae7711da271ba6da874c07ee548582663
SSDEEP

6144:CRPpbZRml8z94sYxeTfXys6zlbG95POPHQ7TlSqSeiD4/uhHCA4ydSZb0ng:KPpbZRi8z94da64RyHQ7TlUJ4/uLng

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  21539bc29b75eba7f203c6dfbad6f111
- Size
  
  268KB
- MD5
  
  21539bc29b75eba7f203c6dfbad6f111
- SHA1
  
  ec7c4ffe8d1b749e721c749167bc89ec72776bfe
- SHA256
  
  ff18bd17d818e81800acba7c65abef03e873d92aec882332468f4f66313b4804
- SHA512
  
  32b0340174167cc77046e2a006038cb698595c805b2ea92cda32f2b7ec47e54e1ea1f8a1e67f50bc3e13fef69823f6bae7711da271ba6da874c07ee548582663
- SSDEEP
  
  6144:CRPpbZRml8z94sYxeTfXys6zlbG95POPHQ7TlSqSeiD4/uhHCA4ydSZb0ng:KPpbZRi8z94da64RyHQ7TlUJ4/uLng
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence