05eb169526a62bc1a6ab259fca36becd3c0ffc1df72fe07a4b20128654ccc1bf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05eb169526a62bc1a6ab259fca36becd3c0ffc1df72fe07a4b20128654ccc1bf
Size

196KB
Sample

221002-as87bsfabp
MD5

6e8bc46239b4b17d1fc793d7e6de2cd0
SHA1

cf3cde4b5355ca85ad3fb29b559aa9b752b2788d
SHA256

05eb169526a62bc1a6ab259fca36becd3c0ffc1df72fe07a4b20128654ccc1bf
SHA512

44f21dbf8fd0861d0ff556442eafbaa384b6c1f8968469cc6045743bedfd754d9c95dff43efb2b042ec7fb1edf862b5199c4ee202e4be41d24475498425bfb96
SSDEEP

6144:Wy4K16oTJWvfU4+bOl8femcK/fObT/bGimszUf7WqnZ:rAoTMvs4+bOlNK/fObT/bGipE7RZ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  05eb169526a62bc1a6ab259fca36becd3c0ffc1df72fe07a4b20128654ccc1bf
- Size
  
  196KB
- MD5
  
  6e8bc46239b4b17d1fc793d7e6de2cd0
- SHA1
  
  cf3cde4b5355ca85ad3fb29b559aa9b752b2788d
- SHA256
  
  05eb169526a62bc1a6ab259fca36becd3c0ffc1df72fe07a4b20128654ccc1bf
- SHA512
  
  44f21dbf8fd0861d0ff556442eafbaa384b6c1f8968469cc6045743bedfd754d9c95dff43efb2b042ec7fb1edf862b5199c4ee202e4be41d24475498425bfb96
- SSDEEP
  
  6144:Wy4K16oTJWvfU4+bOl8femcK/fObT/bGimszUf7WqnZ:rAoTMvs4+bOlNK/fObT/bGipE7RZ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence