ed906fede9a28e53ac5cdc8ae421d1435731e20850b49d323db3fbe1dc963f3b | Triage

Sharing

General

Target

ed906fede9a28e53ac5cdc8ae421d1435731e20850b49d323db3fbe1dc963f3b
Size

244KB
Sample

221003-h7aajseehk
MD5

53fa50a8bf5ebe4cae6ba03e5790e470
SHA1

c23c530e0cba929eef2173c54549db6d7c32e8e8
SHA256

ed906fede9a28e53ac5cdc8ae421d1435731e20850b49d323db3fbe1dc963f3b
SHA512

2ada4c027fa7943f106621b5728918c1938807ef9c8fa18f0d0da090bf5710c2062ae244c25e8b6a8138a7b8b8e2f38d09670d767fc40f6c1260786072eaf690
SSDEEP

6144:6Iw8DFe0qip4r1XNOmNBLxAG7H59R7g0fY4rGK/fObT/bGijVq1Wzr/+mNGXnFGC:6b8DFe0qip4rZNOm3FAG7H59R7g0fY4h

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ed906fede9a28e53ac5cdc8ae421d1435731e20850b49d323db3fbe1dc963f3b
- Size
  
  244KB
- MD5
  
  53fa50a8bf5ebe4cae6ba03e5790e470
- SHA1
  
  c23c530e0cba929eef2173c54549db6d7c32e8e8
- SHA256
  
  ed906fede9a28e53ac5cdc8ae421d1435731e20850b49d323db3fbe1dc963f3b
- SHA512
  
  2ada4c027fa7943f106621b5728918c1938807ef9c8fa18f0d0da090bf5710c2062ae244c25e8b6a8138a7b8b8e2f38d09670d767fc40f6c1260786072eaf690
- SSDEEP
  
  6144:6Iw8DFe0qip4r1XNOmNBLxAG7H59R7g0fY4rGK/fObT/bGijVq1Wzr/+mNGXnFGC:6b8DFe0qip4rZNOm3FAG7H59R7g0fY4h
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence