ebd837364c93a1ad5b74c6c6c1bd9adc3173d7f6d462a0b89aaf431738253047 | Triage

Sharing

General

Target

ebd837364c93a1ad5b74c6c6c1bd9adc3173d7f6d462a0b89aaf431738253047
Size

140KB
Sample

221124-aj5sjsef35
MD5

1616f984a8c4ba4c4d87b72c08dc3e24
SHA1

ba3b0dd554dd1f13ddd8d9640fb097b99e7833ae
SHA256

ebd837364c93a1ad5b74c6c6c1bd9adc3173d7f6d462a0b89aaf431738253047
SHA512

2b1c8517759c48693681665412168a33233041c3f5a4d92c847041c80f79c035c6ef722c14c240f0bfc8335aee102ac7c8a9e8021e1afe6dd46d9027446fe0cb
SSDEEP

3072:Ll2rglCJmkD73mQtFDPB1P85XvbM7h8bdaqmRIxqeHHNMBeeYGT:Lsr6CJ/72QtFDPB1P85Xvw7h8boqfqeG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ebd837364c93a1ad5b74c6c6c1bd9adc3173d7f6d462a0b89aaf431738253047
- Size
  
  140KB
- MD5
  
  1616f984a8c4ba4c4d87b72c08dc3e24
- SHA1
  
  ba3b0dd554dd1f13ddd8d9640fb097b99e7833ae
- SHA256
  
  ebd837364c93a1ad5b74c6c6c1bd9adc3173d7f6d462a0b89aaf431738253047
- SHA512
  
  2b1c8517759c48693681665412168a33233041c3f5a4d92c847041c80f79c035c6ef722c14c240f0bfc8335aee102ac7c8a9e8021e1afe6dd46d9027446fe0cb
- SSDEEP
  
  3072:Ll2rglCJmkD73mQtFDPB1P85XvbM7h8bdaqmRIxqeHHNMBeeYGT:Lsr6CJ/72QtFDPB1P85Xvw7h8boqfqeG
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence