ea4ab404b188cf6f3bcbca07ae83d1e4a51aca31b3f738551edd3368bed4371b | Triage

Sharing

General

Target

ea4ab404b188cf6f3bcbca07ae83d1e4a51aca31b3f738551edd3368bed4371b
Size

68KB
Sample

221123-zr7dsadf59
MD5

d372bb45331bd1387917d91d98d3d02c
SHA1

6c4717b597819f8dd25dafe203048375df6a65bb
SHA256

ea4ab404b188cf6f3bcbca07ae83d1e4a51aca31b3f738551edd3368bed4371b
SHA512

39b374eef3e07f073065bcd13760f088c2347ba1d113fb757f8073452fe7ce4c32ad7f0b679c0cc9b0feaa88d399f847ce9eb20513cdcb853158e0b22a1fb649
SSDEEP

768:icKliTdCiAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:5KIxdAcqOK3qowgnt1d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ea4ab404b188cf6f3bcbca07ae83d1e4a51aca31b3f738551edd3368bed4371b
- Size
  
  68KB
- MD5
  
  d372bb45331bd1387917d91d98d3d02c
- SHA1
  
  6c4717b597819f8dd25dafe203048375df6a65bb
- SHA256
  
  ea4ab404b188cf6f3bcbca07ae83d1e4a51aca31b3f738551edd3368bed4371b
- SHA512
  
  39b374eef3e07f073065bcd13760f088c2347ba1d113fb757f8073452fe7ce4c32ad7f0b679c0cc9b0feaa88d399f847ce9eb20513cdcb853158e0b22a1fb649
- SSDEEP
  
  768:icKliTdCiAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:5KIxdAcqOK3qowgnt1d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence