42d498fc9985f478cc9045a7e6f72062d4c7d30ede5c4d6b1c2ce2ad58aeeded | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aaa8ae0f89bde2fc6451b82db2141362
Size

248KB
Sample

240228-bxbmasga72
MD5

aaa8ae0f89bde2fc6451b82db2141362
SHA1

2e42d25788f065e9416fdeb7e33c3dbfa21bbd44
SHA256

42d498fc9985f478cc9045a7e6f72062d4c7d30ede5c4d6b1c2ce2ad58aeeded
SHA512

ef7371607ca9a1c79c89e8ffafe2fc71ad3d6fb0fd273fd206f2d45ec932663ef3bfffbfe913871d2b6f07f38ffbeb71128951830ffa21f430aa8171f3a47172
SSDEEP

3072:9JwSW42t0z43JOFQfOTbjaoL7mZW0h/tlVu/T8cLBZ:9JjW42t0z43JOFQfOO

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  aaa8ae0f89bde2fc6451b82db2141362
- Size
  
  248KB
- MD5
  
  aaa8ae0f89bde2fc6451b82db2141362
- SHA1
  
  2e42d25788f065e9416fdeb7e33c3dbfa21bbd44
- SHA256
  
  42d498fc9985f478cc9045a7e6f72062d4c7d30ede5c4d6b1c2ce2ad58aeeded
- SHA512
  
  ef7371607ca9a1c79c89e8ffafe2fc71ad3d6fb0fd273fd206f2d45ec932663ef3bfffbfe913871d2b6f07f38ffbeb71128951830ffa21f430aa8171f3a47172
- SSDEEP
  
  3072:9JwSW42t0z43JOFQfOTbjaoL7mZW0h/tlVu/T8cLBZ:9JjW42t0z43JOFQfOO
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence