e6173e325e953b4c723c2d48a8ad1e764e44ede3eefcaf54d5eea7c0eb6f052b | Triage

Sharing

General

Target

e6173e325e953b4c723c2d48a8ad1e764e44ede3eefcaf54d5eea7c0eb6f052b
Size

272KB
Sample

221020-148caagha2
MD5

4e5cd7aab2d7865018ce6724740bcc80
SHA1

cc99b0c2a2d916dac2f7143dd981db82a4161222
SHA256

e6173e325e953b4c723c2d48a8ad1e764e44ede3eefcaf54d5eea7c0eb6f052b
SHA512

12ddc638a7aec9b447355beb72af468741b56b20f4cf20cf03eb0ed7d14739c8c0f1c40d1dc710c2f3ff76f543020c0396288428c6cd152187ec94d4fc824033
SSDEEP

3072:0jsxTNg91R0FvbVJznCRcy/hqF69MSs/PLLK+ammU3YwgTeA3P9:ZzS8fznHC39G/PLLKU3YwgT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e6173e325e953b4c723c2d48a8ad1e764e44ede3eefcaf54d5eea7c0eb6f052b
- Size
  
  272KB
- MD5
  
  4e5cd7aab2d7865018ce6724740bcc80
- SHA1
  
  cc99b0c2a2d916dac2f7143dd981db82a4161222
- SHA256
  
  e6173e325e953b4c723c2d48a8ad1e764e44ede3eefcaf54d5eea7c0eb6f052b
- SHA512
  
  12ddc638a7aec9b447355beb72af468741b56b20f4cf20cf03eb0ed7d14739c8c0f1c40d1dc710c2f3ff76f543020c0396288428c6cd152187ec94d4fc824033
- SSDEEP
  
  3072:0jsxTNg91R0FvbVJznCRcy/hqF69MSs/PLLK+ammU3YwgTeA3P9:ZzS8fznHC39G/PLLKU3YwgT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence