ed957ee27f623cf0401934b9da6258360c660939abfbd5b224d4fd2bcbb17306 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ed957ee27f623cf0401934b9da6258360c660939abfbd5b224d4fd2bcbb17306
Size

262KB
Sample

221003-t1t7xsehar
MD5

3623a07a2ef303aa67b0872632c0f470
SHA1

871d371cd6a790722d7c869ca351e4ee3dd8bfe4
SHA256

ed957ee27f623cf0401934b9da6258360c660939abfbd5b224d4fd2bcbb17306
SHA512

278a0e195d442e46ed7746d9b82a52d28dad8779e4fda541e1df81fbbe8d4446f6083c85500f5f1758b0f2fb172efc484b988d579d53352a70ab5d0d05db1190
SSDEEP

6144:5WunhxTXWVpcVmcOClV7cN1kyymJuc4EX:5WA6iIAZc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ed957ee27f623cf0401934b9da6258360c660939abfbd5b224d4fd2bcbb17306
- Size
  
  262KB
- MD5
  
  3623a07a2ef303aa67b0872632c0f470
- SHA1
  
  871d371cd6a790722d7c869ca351e4ee3dd8bfe4
- SHA256
  
  ed957ee27f623cf0401934b9da6258360c660939abfbd5b224d4fd2bcbb17306
- SHA512
  
  278a0e195d442e46ed7746d9b82a52d28dad8779e4fda541e1df81fbbe8d4446f6083c85500f5f1758b0f2fb172efc484b988d579d53352a70ab5d0d05db1190
- SSDEEP
  
  6144:5WunhxTXWVpcVmcOClV7cN1kyymJuc4EX:5WA6iIAZc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence