0eb4b881dba6c8c51283b04d1040e75992e5884b47beef7ed037380ce584218e | Triage

Sharing

General

Target

0eb4b881dba6c8c51283b04d1040e75992e5884b47beef7ed037380ce584218e
Size

320KB
Sample

221020-r24rmshggn
MD5

a082ee08817d957c3d595e10c620f110
SHA1

9ef2c21419ceb9c393357a3f63bf4b0135a1eaea
SHA256

0eb4b881dba6c8c51283b04d1040e75992e5884b47beef7ed037380ce584218e
SHA512

1235fa11933d8ab6e21fb21207ed01846612d6f40af21eafebc8640c12f2563cc35350addc2dd81ad6a6a31870dc458583665d6edf64ad34ae2cc9ded3343a18
SSDEEP

6144:tr+xPxlWGsittIJ66onJGr+qyVztumGS5Ni3hpgoMKMphaeVf2B71x:tkPjWGsittm6JGr+qyVztumGS5YqoyU7

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0eb4b881dba6c8c51283b04d1040e75992e5884b47beef7ed037380ce584218e
- Size
  
  320KB
- MD5
  
  a082ee08817d957c3d595e10c620f110
- SHA1
  
  9ef2c21419ceb9c393357a3f63bf4b0135a1eaea
- SHA256
  
  0eb4b881dba6c8c51283b04d1040e75992e5884b47beef7ed037380ce584218e
- SHA512
  
  1235fa11933d8ab6e21fb21207ed01846612d6f40af21eafebc8640c12f2563cc35350addc2dd81ad6a6a31870dc458583665d6edf64ad34ae2cc9ded3343a18
- SSDEEP
  
  6144:tr+xPxlWGsittIJ66onJGr+qyVztumGS5Ni3hpgoMKMphaeVf2B71x:tkPjWGsittm6JGr+qyVztumGS5YqoyU7
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence