ee51fd853e8835a4de7e46beebfc7d58a1bc471bb17f7a6ba1ece591a0c2574c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ee51fd853e8835a4de7e46beebfc7d58a1bc471bb17f7a6ba1ece591a0c2574c
Size

304KB
Sample

221020-fyjrhsfec3
MD5

814b421b3ab216b96989eb81e7dd4a8b
SHA1

961bcdf8e750030b0390755a31bc9173b0a8bfda
SHA256

ee51fd853e8835a4de7e46beebfc7d58a1bc471bb17f7a6ba1ece591a0c2574c
SHA512

7b228be2491bf53fa53077b47d828568ed9ba08ec4096e5a03c38fd1cbe097a4b946ff32bb8c40844b8cfcaf19d313a5ed3f42d1445c3b95e114903fcee2cfab
SSDEEP

3072:lLf1i2Dwhe6YIRnbXtcU76VzKqc+C8i1op2aEaDFHT+7pvPxv4c:exu4v8ixla8x

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ee51fd853e8835a4de7e46beebfc7d58a1bc471bb17f7a6ba1ece591a0c2574c
- Size
  
  304KB
- MD5
  
  814b421b3ab216b96989eb81e7dd4a8b
- SHA1
  
  961bcdf8e750030b0390755a31bc9173b0a8bfda
- SHA256
  
  ee51fd853e8835a4de7e46beebfc7d58a1bc471bb17f7a6ba1ece591a0c2574c
- SHA512
  
  7b228be2491bf53fa53077b47d828568ed9ba08ec4096e5a03c38fd1cbe097a4b946ff32bb8c40844b8cfcaf19d313a5ed3f42d1445c3b95e114903fcee2cfab
- SSDEEP
  
  3072:lLf1i2Dwhe6YIRnbXtcU76VzKqc+C8i1op2aEaDFHT+7pvPxv4c:exu4v8ixla8x
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence