ee8e96b3033235b71aa3dc51a89d42a17ed00210faf8d0596e854a15855419a4 | Triage

Sharing

General

Target

ee8e96b3033235b71aa3dc51a89d42a17ed00210faf8d0596e854a15855419a4
Size

135KB
Sample

221002-2lahzadfh9
MD5

652eb1a3ad6bc258ecbf00615adc51e5
SHA1

7f882219e2d06db62f004629e33e63c8168afabb
SHA256

ee8e96b3033235b71aa3dc51a89d42a17ed00210faf8d0596e854a15855419a4
SHA512

d9952d756847decc279322777a3971d021d2a32729d63632d7dd5e77ac4913602e36f86916dfbb1f7d4d5bcfc6aa51a023c2b07bd44879938d5bc21caaf25bbd
SSDEEP

3072:YNZ7e/hWc3VsweCeXRzeSeVeEe0eDQ8jrTru:YZWhWc3VsZR3Q8jrTr

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ee8e96b3033235b71aa3dc51a89d42a17ed00210faf8d0596e854a15855419a4
- Size
  
  135KB
- MD5
  
  652eb1a3ad6bc258ecbf00615adc51e5
- SHA1
  
  7f882219e2d06db62f004629e33e63c8168afabb
- SHA256
  
  ee8e96b3033235b71aa3dc51a89d42a17ed00210faf8d0596e854a15855419a4
- SHA512
  
  d9952d756847decc279322777a3971d021d2a32729d63632d7dd5e77ac4913602e36f86916dfbb1f7d4d5bcfc6aa51a023c2b07bd44879938d5bc21caaf25bbd
- SSDEEP
  
  3072:YNZ7e/hWc3VsweCeXRzeSeVeEe0eDQ8jrTru:YZWhWc3VsZR3Q8jrTr
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence