b3e9bfd964301efdc63334e404cd71cc3859c10d9a7a2360c1d0a5e9b9d9013e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3e9bfd964301efdc63334e404cd71cc3859c10d9a7a2360c1d0a5e9b9d9013e
Size

244KB
Sample

221107-w36d3sebhk
MD5

0bdebe3470ec8ac7f5fbf72fed187797
SHA1

dc793506e0b54eab650275eea36596a5671bcf04
SHA256

b3e9bfd964301efdc63334e404cd71cc3859c10d9a7a2360c1d0a5e9b9d9013e
SHA512

bee300ef732c58e9f83e14b89860d7089ef22773836d416bf68e2aa97b88e0593298bc062bf2e020ec4a7a3470073ad2376d1c100827cf7307d43816459b0901
SSDEEP

6144:O5gw8DFe0qip4r1XNOmNBLxAG7H59R7g0fY4rGK/fObT/bGijVq1Wzr/+mNGXnFZ:OB8DFe0qip4rZNOm3FAG7H59R7g0fY4f

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b3e9bfd964301efdc63334e404cd71cc3859c10d9a7a2360c1d0a5e9b9d9013e
- Size
  
  244KB
- MD5
  
  0bdebe3470ec8ac7f5fbf72fed187797
- SHA1
  
  dc793506e0b54eab650275eea36596a5671bcf04
- SHA256
  
  b3e9bfd964301efdc63334e404cd71cc3859c10d9a7a2360c1d0a5e9b9d9013e
- SHA512
  
  bee300ef732c58e9f83e14b89860d7089ef22773836d416bf68e2aa97b88e0593298bc062bf2e020ec4a7a3470073ad2376d1c100827cf7307d43816459b0901
- SSDEEP
  
  6144:O5gw8DFe0qip4r1XNOmNBLxAG7H59R7g0fY4rGK/fObT/bGijVq1Wzr/+mNGXnFZ:OB8DFe0qip4rZNOm3FAG7H59R7g0fY4f
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence