e889b029c9ef6ceb0543f368024b3ea0656ce64ca7aa30bf7ec4025e23e9f91b | Triage

Sharing

General

Target

e889b029c9ef6ceb0543f368024b3ea0656ce64ca7aa30bf7ec4025e23e9f91b
Size

204KB
Sample

221030-amxlcadhel
MD5

92f35f08f4a4b4694f7b5ed3d16548be
SHA1

84d154d7e8e2b31fe633a076cc7674c48662da36
SHA256

e889b029c9ef6ceb0543f368024b3ea0656ce64ca7aa30bf7ec4025e23e9f91b
SHA512

f90fce3a153bd6ce91b5d9db1100a8ef57d020a703f830e057278fdc213d389ff56acc59053ab25ffb556a975265c4a3e66cd20f81117143b45899cfb12a5653
SSDEEP

6144:wjWJtSzNngeO+cwjfTfGHN1RWrOy9uJV10BK+baPe3ObUrlBXvgd7Vc7Im:wjPNngeO+cwjfTfGHN1Ax9uJV10BK+bj

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e889b029c9ef6ceb0543f368024b3ea0656ce64ca7aa30bf7ec4025e23e9f91b
- Size
  
  204KB
- MD5
  
  92f35f08f4a4b4694f7b5ed3d16548be
- SHA1
  
  84d154d7e8e2b31fe633a076cc7674c48662da36
- SHA256
  
  e889b029c9ef6ceb0543f368024b3ea0656ce64ca7aa30bf7ec4025e23e9f91b
- SHA512
  
  f90fce3a153bd6ce91b5d9db1100a8ef57d020a703f830e057278fdc213d389ff56acc59053ab25ffb556a975265c4a3e66cd20f81117143b45899cfb12a5653
- SSDEEP
  
  6144:wjWJtSzNngeO+cwjfTfGHN1RWrOy9uJV10BK+baPe3ObUrlBXvgd7Vc7Im:wjPNngeO+cwjfTfGHN1Ax9uJV10BK+bj
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence