eae98f28723da27b13370ddc182630656ac6b6de220f2174bfe59e6662a5c5c3 | Triage

Sharing

General

Target

eae98f28723da27b13370ddc182630656ac6b6de220f2174bfe59e6662a5c5c3
Size

196KB
Sample

221019-qenw8shbc9
MD5

922017c73f75679ffc0b5e1298cf02ea
SHA1

dc440db3baf86b646c85b0001799eea34ac0a02f
SHA256

eae98f28723da27b13370ddc182630656ac6b6de220f2174bfe59e6662a5c5c3
SHA512

4bce5e89e1ad6d8e9030ac0d4187950218a1fe5c4c35d0f836e61c7ba494f319e7af8864e5d872a67f1337a192bf8e71de82dba94858aaca51646213f5268d3a
SSDEEP

6144:lkiuUPH3bX2a23NYcJQ8TfxZ85WJ007G9tSBN7Dft:GiuUPH3bX2a23NYcJQ8TfxZ9J0rtSzH1

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  eae98f28723da27b13370ddc182630656ac6b6de220f2174bfe59e6662a5c5c3
- Size
  
  196KB
- MD5
  
  922017c73f75679ffc0b5e1298cf02ea
- SHA1
  
  dc440db3baf86b646c85b0001799eea34ac0a02f
- SHA256
  
  eae98f28723da27b13370ddc182630656ac6b6de220f2174bfe59e6662a5c5c3
- SHA512
  
  4bce5e89e1ad6d8e9030ac0d4187950218a1fe5c4c35d0f836e61c7ba494f319e7af8864e5d872a67f1337a192bf8e71de82dba94858aaca51646213f5268d3a
- SSDEEP
  
  6144:lkiuUPH3bX2a23NYcJQ8TfxZ85WJ007G9tSBN7Dft:GiuUPH3bX2a23NYcJQ8TfxZ9J0rtSzH1
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence