2ea31a3ac2362a06e4d2f80cb8b1f4170a5f425dec60ccac442041583b80d623 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ea31a3ac2362a06e4d2f80cb8b1f4170a5f425dec60ccac442041583b80d623
Size

88KB
Sample

221107-zc4dksafhq
MD5

0c33cae18f55ea319d642c319b76c57c
SHA1

c018ce1f041040ee474fa04c49fe832246dbdf10
SHA256

2ea31a3ac2362a06e4d2f80cb8b1f4170a5f425dec60ccac442041583b80d623
SHA512

e6b1d8b7135e97bd1acbd5e48b69536aebc7b795718585853144f5ebdd18fbb33fd4a595984d226d5f6d85ce0f5a7c6aa34c6664f96439c7c64e1f1784541e87
SSDEEP

1536:p6uUDdqGW1pLDcw3Hr+PaGme7pPXLq0zTrkyP:fUDJl1XTzToyP

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2ea31a3ac2362a06e4d2f80cb8b1f4170a5f425dec60ccac442041583b80d623
- Size
  
  88KB
- MD5
  
  0c33cae18f55ea319d642c319b76c57c
- SHA1
  
  c018ce1f041040ee474fa04c49fe832246dbdf10
- SHA256
  
  2ea31a3ac2362a06e4d2f80cb8b1f4170a5f425dec60ccac442041583b80d623
- SHA512
  
  e6b1d8b7135e97bd1acbd5e48b69536aebc7b795718585853144f5ebdd18fbb33fd4a595984d226d5f6d85ce0f5a7c6aa34c6664f96439c7c64e1f1784541e87
- SSDEEP
  
  1536:p6uUDdqGW1pLDcw3Hr+PaGme7pPXLq0zTrkyP:fUDJl1XTzToyP
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence