23b2e40ef40f1520517085091fe2e243f8eabb90558e2f6a2b83bfc1a29e2a79 | Triage

Sharing

General

Target

23b2e40ef40f1520517085091fe2e243f8eabb90558e2f6a2b83bfc1a29e2a79
Size

92KB
Sample

221124-ae5lzsec47
MD5

3893a6fc4bce6bc97821665554235870
SHA1

c541c88ed52fbcf5d920f98a6857ba8e2f2c7d7d
SHA256

23b2e40ef40f1520517085091fe2e243f8eabb90558e2f6a2b83bfc1a29e2a79
SHA512

ac0af27f2255a497105235d9736b338563fad6c3942f04ed7b18006742f8cd8c78db5f9f26b0dc69a9eaeeeed23e230e01892cf3dc0a19b8776767cdf88130cf
SSDEEP

1536:0xQtFDsZFrXQ09puSTksMcxa2/w/MyOKvxRnmwXvWsl7zP3+uv+8sraiL8VPQ2N3:liVXd9puSTkiro/MyOKvxRnmwXvWsl7J

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  23b2e40ef40f1520517085091fe2e243f8eabb90558e2f6a2b83bfc1a29e2a79
- Size
  
  92KB
- MD5
  
  3893a6fc4bce6bc97821665554235870
- SHA1
  
  c541c88ed52fbcf5d920f98a6857ba8e2f2c7d7d
- SHA256
  
  23b2e40ef40f1520517085091fe2e243f8eabb90558e2f6a2b83bfc1a29e2a79
- SHA512
  
  ac0af27f2255a497105235d9736b338563fad6c3942f04ed7b18006742f8cd8c78db5f9f26b0dc69a9eaeeeed23e230e01892cf3dc0a19b8776767cdf88130cf
- SSDEEP
  
  1536:0xQtFDsZFrXQ09puSTksMcxa2/w/MyOKvxRnmwXvWsl7zP3+uv+8sraiL8VPQ2N3:liVXd9puSTkiro/MyOKvxRnmwXvWsl7J
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence