e529d11614e76ddfe47c2f4bb81e5aceacc2ca1b019f766d07b4d89984678eb8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e529d11614e76ddfe47c2f4bb81e5aceacc2ca1b019f766d07b4d89984678eb8
Size

248KB
Sample

221003-dhq5jsegdr
MD5

63ae8ccb77b041078341a01e520a2e63
SHA1

25fbdd16289552261cdf195641b99f5ec1a1c751
SHA256

e529d11614e76ddfe47c2f4bb81e5aceacc2ca1b019f766d07b4d89984678eb8
SHA512

be0fa728f15a8a62c12522e4aa3769ab1ec0c1390a0e3762c823277a53a50ed25a5fafe2ea149ca2f60d41dada5d5b669dfa8296de30907c375b06eff3c066a3
SSDEEP

6144:TikVQRyyUf9dgAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39RWyJ:TiOyUf9DRKlqgErIsKnPmb7/jWa1e+5T

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e529d11614e76ddfe47c2f4bb81e5aceacc2ca1b019f766d07b4d89984678eb8
- Size
  
  248KB
- MD5
  
  63ae8ccb77b041078341a01e520a2e63
- SHA1
  
  25fbdd16289552261cdf195641b99f5ec1a1c751
- SHA256
  
  e529d11614e76ddfe47c2f4bb81e5aceacc2ca1b019f766d07b4d89984678eb8
- SHA512
  
  be0fa728f15a8a62c12522e4aa3769ab1ec0c1390a0e3762c823277a53a50ed25a5fafe2ea149ca2f60d41dada5d5b669dfa8296de30907c375b06eff3c066a3
- SSDEEP
  
  6144:TikVQRyyUf9dgAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39RWyJ:TiOyUf9DRKlqgErIsKnPmb7/jWa1e+5T
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence