ee55596ba2616174d2cd4424486414e613e504ad2c26e0308c7999245d2085d0 | Triage

Sharing

General

Target

ee55596ba2616174d2cd4424486414e613e504ad2c26e0308c7999245d2085d0
Size

104KB
Sample

221011-lqd4ysggan
MD5

02e27c2ff8c4a1a374fb5c188c648b28
SHA1

a1224b0f42deb69b8f3e019b8370185145cbde84
SHA256

ee55596ba2616174d2cd4424486414e613e504ad2c26e0308c7999245d2085d0
SHA512

a083b8bb2ff3ed5f44f49df8ff12140035068e0e4d47a27535248c16318e62a56b848c151b9e31c40fcae78eef5ec75c6c8032413c01be411657ce1b7446379c
SSDEEP

1536:3hhvr9fLieh6hC3KwTHlyHcw1rqVjSxakAyBGss7oJd:xhTlWehWwTHlyHBQNSxZs7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ee55596ba2616174d2cd4424486414e613e504ad2c26e0308c7999245d2085d0
- Size
  
  104KB
- MD5
  
  02e27c2ff8c4a1a374fb5c188c648b28
- SHA1
  
  a1224b0f42deb69b8f3e019b8370185145cbde84
- SHA256
  
  ee55596ba2616174d2cd4424486414e613e504ad2c26e0308c7999245d2085d0
- SHA512
  
  a083b8bb2ff3ed5f44f49df8ff12140035068e0e4d47a27535248c16318e62a56b848c151b9e31c40fcae78eef5ec75c6c8032413c01be411657ce1b7446379c
- SSDEEP
  
  1536:3hhvr9fLieh6hC3KwTHlyHcw1rqVjSxakAyBGss7oJd:xhTlWehWwTHlyHBQNSxZs7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence