3e807ea0646c72d0ada49a2d03d668ea6d7a00956369cd8fb6be931f9704bcfe | Triage

Sharing

General

Target

3e807ea0646c72d0ada49a2d03d668ea6d7a00956369cd8fb6be931f9704bcfe
Size

152KB
Sample

221004-ephbnabfhm
MD5

5a51318d3b0a872098dcbbc5e4a41950
SHA1

894fa17145550f5bffee2941bf7481e6a33d7971
SHA256

3e807ea0646c72d0ada49a2d03d668ea6d7a00956369cd8fb6be931f9704bcfe
SHA512

4389057cd2450b1d3d00d1e5daf8734b966adb573f3165a119b468416d3498d1d7209c132c1e17cd705fd6754a2f452cc877387a71c895decb3c73720c2e989f
SSDEEP

3072:T3D8IpK9xKA9w2p4QZisLaazNiIIkyyqN4oQZiENIx2r:T3DrpKxY+1isuazgfklcWMxq

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3e807ea0646c72d0ada49a2d03d668ea6d7a00956369cd8fb6be931f9704bcfe
- Size
  
  152KB
- MD5
  
  5a51318d3b0a872098dcbbc5e4a41950
- SHA1
  
  894fa17145550f5bffee2941bf7481e6a33d7971
- SHA256
  
  3e807ea0646c72d0ada49a2d03d668ea6d7a00956369cd8fb6be931f9704bcfe
- SHA512
  
  4389057cd2450b1d3d00d1e5daf8734b966adb573f3165a119b468416d3498d1d7209c132c1e17cd705fd6754a2f452cc877387a71c895decb3c73720c2e989f
- SSDEEP
  
  3072:T3D8IpK9xKA9w2p4QZisLaazNiIIkyyqN4oQZiENIx2r:T3DrpKxY+1isuazgfklcWMxq
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence