e501318c0db899d1426736cc45c07f55b033fb2f6c53ecb398e10596fcd0f2f4 | Triage

Sharing

General

Target

e501318c0db899d1426736cc45c07f55b033fb2f6c53ecb398e10596fcd0f2f4
Size

184KB
Sample

221124-am4dwsaa7v
MD5

5487995934b0c66b93cb306bc0bd2d42
SHA1

d9d41a959dea84df11b2af86908a931ffecc7d8d
SHA256

e501318c0db899d1426736cc45c07f55b033fb2f6c53ecb398e10596fcd0f2f4
SHA512

badc480d4a298dffda41f046d8cf8b02afed3ad1400003a4a0709c4741c374826fc38583497dc8a99d9c2fefc0421f08dd98829d9f63936b932871d5f33353a1
SSDEEP

3072:xX+qdeVb4rNjWrbC0QuKnvmb7/D26SwP9llwnlr8RMFDjsyvI+cdcFT0uLFaXmGu:xpcVb4rNjW1Knvmb7/D26SwVllwnlr8c

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e501318c0db899d1426736cc45c07f55b033fb2f6c53ecb398e10596fcd0f2f4
- Size
  
  184KB
- MD5
  
  5487995934b0c66b93cb306bc0bd2d42
- SHA1
  
  d9d41a959dea84df11b2af86908a931ffecc7d8d
- SHA256
  
  e501318c0db899d1426736cc45c07f55b033fb2f6c53ecb398e10596fcd0f2f4
- SHA512
  
  badc480d4a298dffda41f046d8cf8b02afed3ad1400003a4a0709c4741c374826fc38583497dc8a99d9c2fefc0421f08dd98829d9f63936b932871d5f33353a1
- SSDEEP
  
  3072:xX+qdeVb4rNjWrbC0QuKnvmb7/D26SwP9llwnlr8RMFDjsyvI+cdcFT0uLFaXmGu:xpcVb4rNjW1Knvmb7/D26SwVllwnlr8c
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence