fe4413c48c2603260c25f8d692a7bf1e8e71737ab7ac65bbf70ff3d777524900 | Triage

Sharing

General

Target

fe4413c48c2603260c25f8d692a7bf1e8e71737ab7ac65bbf70ff3d777524900
Size

168KB
Sample

221124-agw3mahf61
MD5

34b5319dbd448b8880e8856ab66fbe70
SHA1

1a5fb8517e43c94d1eb9b2b9869b65d292aa64f3
SHA256

fe4413c48c2603260c25f8d692a7bf1e8e71737ab7ac65bbf70ff3d777524900
SHA512

e9d29e11903515e29500719f35f233c8e29e510eb662f0461751695e82a941cad92fed496ae0e8390649e33354dba58db3f1851d80df7850f48228c3cc6c8a53
SSDEEP

1536:xAElHooXxTaSfm8UI+FQZAq7UjbJw5aCUZeBB++7XVFfFVE/9jMhmqLBzmBTQI:LlHooXxYUZvUH2aZZer++7XVb5i0I

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  fe4413c48c2603260c25f8d692a7bf1e8e71737ab7ac65bbf70ff3d777524900
- Size
  
  168KB
- MD5
  
  34b5319dbd448b8880e8856ab66fbe70
- SHA1
  
  1a5fb8517e43c94d1eb9b2b9869b65d292aa64f3
- SHA256
  
  fe4413c48c2603260c25f8d692a7bf1e8e71737ab7ac65bbf70ff3d777524900
- SHA512
  
  e9d29e11903515e29500719f35f233c8e29e510eb662f0461751695e82a941cad92fed496ae0e8390649e33354dba58db3f1851d80df7850f48228c3cc6c8a53
- SSDEEP
  
  1536:xAElHooXxTaSfm8UI+FQZAq7UjbJw5aCUZeBB++7XVFfFVE/9jMhmqLBzmBTQI:LlHooXxYUZvUH2aZZer++7XVb5i0I
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence