1ec6a5b8cb65b26560b46f1a75f4a652ed40b5a4b4b2609be65e503d646d753e | Triage

Sharing

General

Target

1ec6a5b8cb65b26560b46f1a75f4a652ed40b5a4b4b2609be65e503d646d753e
Size

272KB
Sample

221123-xfehhshg9y
MD5

57acc0858d14d4fa5fc099ae80ac5ab0
SHA1

bee3794b1d28ad6b82373a3d818dd0e518c60f09
SHA256

1ec6a5b8cb65b26560b46f1a75f4a652ed40b5a4b4b2609be65e503d646d753e
SHA512

17ada5114e6a5e1d95df035239732a0f6a4e14ae753eb651124a527d9699847def91b9884f0a251a19046fcd9138e766fd44711655924c9f2623086b51a93580
SSDEEP

3072:Sjs/TNg91R0FvbVJznCRcy/hqF69MSs/PLLK+ammU3YwgTeA3gJ0:HxS8fznHC39G/PLLKU3YwgT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1ec6a5b8cb65b26560b46f1a75f4a652ed40b5a4b4b2609be65e503d646d753e
- Size
  
  272KB
- MD5
  
  57acc0858d14d4fa5fc099ae80ac5ab0
- SHA1
  
  bee3794b1d28ad6b82373a3d818dd0e518c60f09
- SHA256
  
  1ec6a5b8cb65b26560b46f1a75f4a652ed40b5a4b4b2609be65e503d646d753e
- SHA512
  
  17ada5114e6a5e1d95df035239732a0f6a4e14ae753eb651124a527d9699847def91b9884f0a251a19046fcd9138e766fd44711655924c9f2623086b51a93580
- SSDEEP
  
  3072:Sjs/TNg91R0FvbVJznCRcy/hqF69MSs/PLLK+ammU3YwgTeA3gJ0:HxS8fznHC39G/PLLKU3YwgT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence