e4e9b31061854f5ec128b2b591d8e83864530dae01c756d756c19b992e297e4c | Triage

Sharing

General

Target

e4e9b31061854f5ec128b2b591d8e83864530dae01c756d756c19b992e297e4c
Size

224KB
Sample

221107-zk1bwsghd7
MD5

0bad1223e046fdbb455fee53819cd211
SHA1

58b1eef2f03592e8d6df69d56e571710396e60d4
SHA256

e4e9b31061854f5ec128b2b591d8e83864530dae01c756d756c19b992e297e4c
SHA512

9af4b90bd64f345834a999572f1ab531bb92691ee035c042bc392f9c50792af87911cb4cf4f3fb593cf173086d3b8319744ab8709470442193144826bc143f5f
SSDEEP

3072:jb3N87hBQ3aZV7l2mclfj4Uvx+9sNxu+2eRcKgsU61JkkX39RLrw4ySKUbax2+gm:fNX3y74L76nrZ3X

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e4e9b31061854f5ec128b2b591d8e83864530dae01c756d756c19b992e297e4c
- Size
  
  224KB
- MD5
  
  0bad1223e046fdbb455fee53819cd211
- SHA1
  
  58b1eef2f03592e8d6df69d56e571710396e60d4
- SHA256
  
  e4e9b31061854f5ec128b2b591d8e83864530dae01c756d756c19b992e297e4c
- SHA512
  
  9af4b90bd64f345834a999572f1ab531bb92691ee035c042bc392f9c50792af87911cb4cf4f3fb593cf173086d3b8319744ab8709470442193144826bc143f5f
- SSDEEP
  
  3072:jb3N87hBQ3aZV7l2mclfj4Uvx+9sNxu+2eRcKgsU61JkkX39RLrw4ySKUbax2+gm:fNX3y74L76nrZ3X
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence