fce064b15ee18bbd688ed5fd3646bdd743e74ee67d55ff3781a9a9fe05393b2d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fce064b15ee18bbd688ed5fd3646bdd743e74ee67d55ff3781a9a9fe05393b2d
Size

224KB
Sample

221003-c4hjvsebbj
MD5

4af19185b7b2fbba75f2a7d282407340
SHA1

829a81eb01468d6e2bd460b7c0dd1df57d763b39
SHA256

fce064b15ee18bbd688ed5fd3646bdd743e74ee67d55ff3781a9a9fe05393b2d
SHA512

306abba939f3a07996eaf6cdf9fa7335ebf90acfe81eac12bef5baed04a0f0b001e9477c3ac4a8ea8bf1fec854d5f5d3a574c91358bf0c2d75ee175ec1de8c96
SSDEEP

3072:e788E5EEeiJAKMN9DAXamLKAcfbKyZwP02bVq3NZMf:eW5IKMN9DtAcfbK/qT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fce064b15ee18bbd688ed5fd3646bdd743e74ee67d55ff3781a9a9fe05393b2d
- Size
  
  224KB
- MD5
  
  4af19185b7b2fbba75f2a7d282407340
- SHA1
  
  829a81eb01468d6e2bd460b7c0dd1df57d763b39
- SHA256
  
  fce064b15ee18bbd688ed5fd3646bdd743e74ee67d55ff3781a9a9fe05393b2d
- SHA512
  
  306abba939f3a07996eaf6cdf9fa7335ebf90acfe81eac12bef5baed04a0f0b001e9477c3ac4a8ea8bf1fec854d5f5d3a574c91358bf0c2d75ee175ec1de8c96
- SSDEEP
  
  3072:e788E5EEeiJAKMN9DAXamLKAcfbKyZwP02bVq3NZMf:eW5IKMN9DtAcfbK/qT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence