e351323c82bdd201c5f2aef335eb8490b4f223295e32cd275c9710c084d46869 | Triage

Sharing

General

Target

e351323c82bdd201c5f2aef335eb8490b4f223295e32cd275c9710c084d46869
Size

316KB
Sample

221107-zm3j2ahac5
MD5

0f192a69911fc92e52be627e4a22aff0
SHA1

6a91014092e6cd17d178be7646dc10bb8725a3ea
SHA256

e351323c82bdd201c5f2aef335eb8490b4f223295e32cd275c9710c084d46869
SHA512

6df499069f851625774a7b95174b92cbca283d6c4674fb9f6bfa2db632b8b404c9b186d4e22bbf373c11769960d826e192986031e2962498aa42a75aa33409f6
SSDEEP

6144:8M2F4wsq8gFV91GGGLVTmrshXj0MQH1DUhu1GJu+DODryKnKx:TKUgFV6Hm1JKx

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e351323c82bdd201c5f2aef335eb8490b4f223295e32cd275c9710c084d46869
- Size
  
  316KB
- MD5
  
  0f192a69911fc92e52be627e4a22aff0
- SHA1
  
  6a91014092e6cd17d178be7646dc10bb8725a3ea
- SHA256
  
  e351323c82bdd201c5f2aef335eb8490b4f223295e32cd275c9710c084d46869
- SHA512
  
  6df499069f851625774a7b95174b92cbca283d6c4674fb9f6bfa2db632b8b404c9b186d4e22bbf373c11769960d826e192986031e2962498aa42a75aa33409f6
- SSDEEP
  
  6144:8M2F4wsq8gFV91GGGLVTmrshXj0MQH1DUhu1GJu+DODryKnKx:TKUgFV6Hm1JKx
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence