226a0eb9a8e700fe654604fb14d126409bc66a0c1f9ad8d1bb01f7106c5e009e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

226a0eb9a8e700fe654604fb14d126409bc66a0c1f9ad8d1bb01f7106c5e009e
Size

248KB
Sample

221107-t1eggaabcp
MD5

0df9f2a9ddac5357565ccd46e3f50d7d
SHA1

046c83573b1e9ec83fab1fcde6f7f2d489f12b53
SHA256

226a0eb9a8e700fe654604fb14d126409bc66a0c1f9ad8d1bb01f7106c5e009e
SHA512

8860c8cf01dc6d27bba83dd430172f5506258739a678e375509defeafa88f58a78c7f431f5bbd7b7eb691bedbe4a5065e1606011145d3d4b8ff9d8fc6cb3b3f9
SSDEEP

6144:TMcVQ0yyUf9dgAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39RWyJ:TMHyUf9DRKlqgErIsKnPmb7/jWa1e+5T

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  226a0eb9a8e700fe654604fb14d126409bc66a0c1f9ad8d1bb01f7106c5e009e
- Size
  
  248KB
- MD5
  
  0df9f2a9ddac5357565ccd46e3f50d7d
- SHA1
  
  046c83573b1e9ec83fab1fcde6f7f2d489f12b53
- SHA256
  
  226a0eb9a8e700fe654604fb14d126409bc66a0c1f9ad8d1bb01f7106c5e009e
- SHA512
  
  8860c8cf01dc6d27bba83dd430172f5506258739a678e375509defeafa88f58a78c7f431f5bbd7b7eb691bedbe4a5065e1606011145d3d4b8ff9d8fc6cb3b3f9
- SSDEEP
  
  6144:TMcVQ0yyUf9dgAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39RWyJ:TMHyUf9DRKlqgErIsKnPmb7/jWa1e+5T
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence