26b110197b26ed235d878ff56bc9e6368d235cd4691cd6becef38b813aaf88b9 | Triage

Sharing

General

Target

26b110197b26ed235d878ff56bc9e6368d235cd4691cd6becef38b813aaf88b9
Size

100KB
Sample

220919-ens2rsbdfk
MD5

443a3ed3044fef21e92a751ba068e217
SHA1

4d941d5ecfbc43e55debd6962f0a759e2250bd50
SHA256

26b110197b26ed235d878ff56bc9e6368d235cd4691cd6becef38b813aaf88b9
SHA512

46dc6207cdd2f21cc774ff82894267d3d703549d8d0d2fbeb13023965ff690ef6121e58490d0a232c9e1cc693ef0c37e865d7730829779b53269a74ac618d1ab
SSDEEP

1536:xRt0A82NTdwVxdLGZcYADZPU1+73BD88b0nyLNIjnZrJ:3wVx0gZPUQJLCnlJ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  26b110197b26ed235d878ff56bc9e6368d235cd4691cd6becef38b813aaf88b9
- Size
  
  100KB
- MD5
  
  443a3ed3044fef21e92a751ba068e217
- SHA1
  
  4d941d5ecfbc43e55debd6962f0a759e2250bd50
- SHA256
  
  26b110197b26ed235d878ff56bc9e6368d235cd4691cd6becef38b813aaf88b9
- SHA512
  
  46dc6207cdd2f21cc774ff82894267d3d703549d8d0d2fbeb13023965ff690ef6121e58490d0a232c9e1cc693ef0c37e865d7730829779b53269a74ac618d1ab
- SSDEEP
  
  1536:xRt0A82NTdwVxdLGZcYADZPU1+73BD88b0nyLNIjnZrJ:3wVx0gZPUQJLCnlJ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence