a2ea3bdb0d0812fef1524445836731d8217a762e42f8eb39036b117611c5d755 | Triage

Sharing

General

Target

a2ea3bdb0d0812fef1524445836731d8217a762e42f8eb39036b117611c5d755
Size

100KB
Sample

221018-n6mr5sgabj
MD5

f6149523d928613eae77d8e388a32f09
SHA1

e7f2bd05935fd0f1fbe0ea1e87671b0b84bd5166
SHA256

a2ea3bdb0d0812fef1524445836731d8217a762e42f8eb39036b117611c5d755
SHA512

5e1ff526ea730da1f08c04bfcd165c6693fe23ace8a8f7e03f7b7bdbd9c22ff449d205a23a867898e0c0199dac4087cb55a441e4118e6276d8261c9ef04b9977
SSDEEP

1536:n3WacX220mQOWxJKIRGWcOUP7vXArnY1ZqAefzyes5NIjnZTA:3CQOFNAfzyeuCnpA

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a2ea3bdb0d0812fef1524445836731d8217a762e42f8eb39036b117611c5d755
- Size
  
  100KB
- MD5
  
  f6149523d928613eae77d8e388a32f09
- SHA1
  
  e7f2bd05935fd0f1fbe0ea1e87671b0b84bd5166
- SHA256
  
  a2ea3bdb0d0812fef1524445836731d8217a762e42f8eb39036b117611c5d755
- SHA512
  
  5e1ff526ea730da1f08c04bfcd165c6693fe23ace8a8f7e03f7b7bdbd9c22ff449d205a23a867898e0c0199dac4087cb55a441e4118e6276d8261c9ef04b9977
- SSDEEP
  
  1536:n3WacX220mQOWxJKIRGWcOUP7vXArnY1ZqAefzyes5NIjnZTA:3CQOFNAfzyeuCnpA
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence