e085d8c6588f36c5be131aa0524e14d76eec0eef9ea87bdbdeaa8b08f5f14d8b | Triage

Sharing

General

Target

e085d8c6588f36c5be131aa0524e14d76eec0eef9ea87bdbdeaa8b08f5f14d8b
Size

240KB
Sample

221020-l3ntxsgffp
MD5

968787857bcd20ad61b6b1d9136a353e
SHA1

a3f581eba23ce9c688e4a5e21a565b485f9ecd5e
SHA256

e085d8c6588f36c5be131aa0524e14d76eec0eef9ea87bdbdeaa8b08f5f14d8b
SHA512

9648f64d853fe56dbeb977868ec422f6949775713b456cc43d72bc1f0f3e404e3c8d94073ff73c9fadf6b22878befeffc52633ef18720b7b8682a9c6090b8088
SSDEEP

6144:jUv3dwqsNwemAB0EqxF6snji81RUinKchhy9SE:KdQQJsEE

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e085d8c6588f36c5be131aa0524e14d76eec0eef9ea87bdbdeaa8b08f5f14d8b
- Size
  
  240KB
- MD5
  
  968787857bcd20ad61b6b1d9136a353e
- SHA1
  
  a3f581eba23ce9c688e4a5e21a565b485f9ecd5e
- SHA256
  
  e085d8c6588f36c5be131aa0524e14d76eec0eef9ea87bdbdeaa8b08f5f14d8b
- SHA512
  
  9648f64d853fe56dbeb977868ec422f6949775713b456cc43d72bc1f0f3e404e3c8d94073ff73c9fadf6b22878befeffc52633ef18720b7b8682a9c6090b8088
- SSDEEP
  
  6144:jUv3dwqsNwemAB0EqxF6snji81RUinKchhy9SE:KdQQJsEE
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence