09b110547bb7364ae6567fa5edfabaa2a8aed189f8d851557b73e225e629c80b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09b110547bb7364ae6567fa5edfabaa2a8aed189f8d851557b73e225e629c80b
Size

232KB
Sample

220919-meastsgdfn
MD5

eec21c0aedf49b98e7479876d6f9cab6
SHA1

041c312304e4a87f4738d88dbfbc3b4876f50cb4
SHA256

09b110547bb7364ae6567fa5edfabaa2a8aed189f8d851557b73e225e629c80b
SHA512

0051d1a2a5e7e216b41d8354dac70be8fb842fd154ec0b86befee9ec732c0d526d401351915fc9145cfe4b749428152b56e0bd2a92086f41bd1de14d001ef7e7
SSDEEP

3072:vN1ZfWRrIMNRlZ62Pal2LBJXmzOHm5WZ3K+MCKqiD8RUy3eL2mDH7z/5L5Jsr6Uc:vNPepp3PJXCOGY3ebq5OyW9L5Jsr6Uc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  09b110547bb7364ae6567fa5edfabaa2a8aed189f8d851557b73e225e629c80b
- Size
  
  232KB
- MD5
  
  eec21c0aedf49b98e7479876d6f9cab6
- SHA1
  
  041c312304e4a87f4738d88dbfbc3b4876f50cb4
- SHA256
  
  09b110547bb7364ae6567fa5edfabaa2a8aed189f8d851557b73e225e629c80b
- SHA512
  
  0051d1a2a5e7e216b41d8354dac70be8fb842fd154ec0b86befee9ec732c0d526d401351915fc9145cfe4b749428152b56e0bd2a92086f41bd1de14d001ef7e7
- SSDEEP
  
  3072:vN1ZfWRrIMNRlZ62Pal2LBJXmzOHm5WZ3K+MCKqiD8RUy3eL2mDH7z/5L5Jsr6Uc:vNPepp3PJXCOGY3ebq5OyW9L5Jsr6Uc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence