11f8c1f5b57eb30a70d0023f407d0725f4069b53901d03946b48e7728a23480a | Triage

Sharing

General

Target

11f8c1f5b57eb30a70d0023f407d0725f4069b53901d03946b48e7728a23480a
Size

164KB
Sample

220919-mgejsscef3
MD5

f5435447e0ec599cb62a157eb5224191
SHA1

1c33e85974121c927099886c339c5f313b917f13
SHA256

11f8c1f5b57eb30a70d0023f407d0725f4069b53901d03946b48e7728a23480a
SHA512

b1a5133cfb7b3af3e4ac3550b8a6a187210c813ec82f24c4f8c538423dc894d36a5e4c899f129a03cacc6355d58f4335c329717c6447862ef58fc21ab28c8a18
SSDEEP

3072:dsWcISlNux6veiCi36JRbs4jwKWuRr6TQY3mBTzFJ0T727K:dsWcIMNux6mJDjwZuesY3uTzFJ0T72G

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  11f8c1f5b57eb30a70d0023f407d0725f4069b53901d03946b48e7728a23480a
- Size
  
  164KB
- MD5
  
  f5435447e0ec599cb62a157eb5224191
- SHA1
  
  1c33e85974121c927099886c339c5f313b917f13
- SHA256
  
  11f8c1f5b57eb30a70d0023f407d0725f4069b53901d03946b48e7728a23480a
- SHA512
  
  b1a5133cfb7b3af3e4ac3550b8a6a187210c813ec82f24c4f8c538423dc894d36a5e4c899f129a03cacc6355d58f4335c329717c6447862ef58fc21ab28c8a18
- SSDEEP
  
  3072:dsWcISlNux6veiCi36JRbs4jwKWuRr6TQY3mBTzFJ0T727K:dsWcIMNux6mJDjwZuesY3uTzFJ0T72G
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence