eb6e95e981447437e54d8764fc2af43985cf4c69e5947a979b81e447ba42a8ee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eb6e95e981447437e54d8764fc2af43985cf4c69e5947a979b81e447ba42a8ee
Size

240KB
Sample

221107-t1pmfagab2
MD5

0fe2b1ebe4b59f43d82a2a84db76442d
SHA1

de05a96873fba63c2ea1a68e8110f924fd4d3df1
SHA256

eb6e95e981447437e54d8764fc2af43985cf4c69e5947a979b81e447ba42a8ee
SHA512

424703c34890c30fad7400167d9400afd0e68bd314279826c9294bcd5dac300149f2b02ffb21032d4e5b8e2c6f8cfd4618cf0588026b65e4bcb4e125a183cf64
SSDEEP

3072:j6JXFFF+YupJ904AX+ipuvnHMC6Fz2Pa9VZumXYdVL63fZi8KGckigoyyb:U1FFk/at6PMFKa9VUuYdVL63fZNfq

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  eb6e95e981447437e54d8764fc2af43985cf4c69e5947a979b81e447ba42a8ee
- Size
  
  240KB
- MD5
  
  0fe2b1ebe4b59f43d82a2a84db76442d
- SHA1
  
  de05a96873fba63c2ea1a68e8110f924fd4d3df1
- SHA256
  
  eb6e95e981447437e54d8764fc2af43985cf4c69e5947a979b81e447ba42a8ee
- SHA512
  
  424703c34890c30fad7400167d9400afd0e68bd314279826c9294bcd5dac300149f2b02ffb21032d4e5b8e2c6f8cfd4618cf0588026b65e4bcb4e125a183cf64
- SSDEEP
  
  3072:j6JXFFF+YupJ904AX+ipuvnHMC6Fz2Pa9VZumXYdVL63fZi8KGckigoyyb:U1FFk/at6PMFKa9VUuYdVL63fZNfq
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence