ee3690adc9ca4fb4dbb43b23328881db76a325d134c493fce2cee2fa27f4f803 | Triage

Sharing

General

Target

ee3690adc9ca4fb4dbb43b23328881db76a325d134c493fce2cee2fa27f4f803
Size

192KB
Sample

221123-vv261sda51
MD5

1c2b64dcb9286f43bc48ed90fe73a54f
SHA1

36301fdb5937a2e418c6c71aa1a33158f502c3e7
SHA256

ee3690adc9ca4fb4dbb43b23328881db76a325d134c493fce2cee2fa27f4f803
SHA512

956e7d60264c58c667c396aba92a5a0c1b3062e3af492ef5adb1376e5ec311dc947f123134e98b680dd2c5bf317a765e08355e7c999576bde971b833499e4910
SSDEEP

3072:KwBJP6h+RH5UL1iUG3KgKLKRKSdNIVqR5VxerayK/fObT/bGicFgvXb6jGJoX:KwBJCcRZSgKgKLKRKSdNIVqRTxEpK/fD

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ee3690adc9ca4fb4dbb43b23328881db76a325d134c493fce2cee2fa27f4f803
- Size
  
  192KB
- MD5
  
  1c2b64dcb9286f43bc48ed90fe73a54f
- SHA1
  
  36301fdb5937a2e418c6c71aa1a33158f502c3e7
- SHA256
  
  ee3690adc9ca4fb4dbb43b23328881db76a325d134c493fce2cee2fa27f4f803
- SHA512
  
  956e7d60264c58c667c396aba92a5a0c1b3062e3af492ef5adb1376e5ec311dc947f123134e98b680dd2c5bf317a765e08355e7c999576bde971b833499e4910
- SSDEEP
  
  3072:KwBJP6h+RH5UL1iUG3KgKLKRKSdNIVqR5VxerayK/fObT/bGicFgvXb6jGJoX:KwBJCcRZSgKgKLKRKSdNIVqRTxEpK/fD
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence