14be3cc44ccbacb26076fcb3888f73dd00540374307b35a6fc2de5994f340ced | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14be3cc44ccbacb26076fcb3888f73dd00540374307b35a6fc2de5994f340ced
Size

212KB
Sample

221019-r7p6fachdj
MD5

c3ec96691ebe787a654fea53330aeff4
SHA1

58afae0636247b8d1dd773744a3a5b3327d13c0c
SHA256

14be3cc44ccbacb26076fcb3888f73dd00540374307b35a6fc2de5994f340ced
SHA512

956d2d5a355c91a1cba4a8618a5138b9c8b11e6c79b72735a6ff428dba95077c8957f8ebbab870aed7235be4b97c123dbd16dd40d62a961ea0451c77ef7262fd
SSDEEP

3072:ICzTo/0Yxj0tQ9nLHbB9WPliBs2HWWEakGJm9YAv:ICqJ4QxL7B9WPli+yWWEaz/Y

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  14be3cc44ccbacb26076fcb3888f73dd00540374307b35a6fc2de5994f340ced
- Size
  
  212KB
- MD5
  
  c3ec96691ebe787a654fea53330aeff4
- SHA1
  
  58afae0636247b8d1dd773744a3a5b3327d13c0c
- SHA256
  
  14be3cc44ccbacb26076fcb3888f73dd00540374307b35a6fc2de5994f340ced
- SHA512
  
  956d2d5a355c91a1cba4a8618a5138b9c8b11e6c79b72735a6ff428dba95077c8957f8ebbab870aed7235be4b97c123dbd16dd40d62a961ea0451c77ef7262fd
- SSDEEP
  
  3072:ICzTo/0Yxj0tQ9nLHbB9WPliBs2HWWEakGJm9YAv:ICqJ4QxL7B9WPli+yWWEaz/Y
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence