c7ec8f578579d0ac744a4124ab63d2c7685feaa395fc264e06f5cd044b113194 | Triage

Sharing

General

Target

c7ec8f578579d0ac744a4124ab63d2c7685feaa395fc264e06f5cd044b113194
Size

204KB
Sample

221124-am5lyseh47
MD5

1d5ee2ea035c779343781abd14bf1c90
SHA1

14c1d90548b12dcd93164c38593cf5dc67bb05de
SHA256

c7ec8f578579d0ac744a4124ab63d2c7685feaa395fc264e06f5cd044b113194
SHA512

41f24dce0af6f01a01fa74ed06e2c1e2ec826c29f9ef994fc2794a85129ec4befed49ed1331161ccf4d9fbfd809e0f122b6fbd40565bba630559317ba1e52c04
SSDEEP

6144:o4pJt0NngeO+cwjfTfGHN1RWrOy9uJV10BK+baPe3ObUrlBXvgd7Vc7U:o46NngeO+cwjfTfGHN1Ax9uJV10BK+bJ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c7ec8f578579d0ac744a4124ab63d2c7685feaa395fc264e06f5cd044b113194
- Size
  
  204KB
- MD5
  
  1d5ee2ea035c779343781abd14bf1c90
- SHA1
  
  14c1d90548b12dcd93164c38593cf5dc67bb05de
- SHA256
  
  c7ec8f578579d0ac744a4124ab63d2c7685feaa395fc264e06f5cd044b113194
- SHA512
  
  41f24dce0af6f01a01fa74ed06e2c1e2ec826c29f9ef994fc2794a85129ec4befed49ed1331161ccf4d9fbfd809e0f122b6fbd40565bba630559317ba1e52c04
- SSDEEP
  
  6144:o4pJt0NngeO+cwjfTfGHN1RWrOy9uJV10BK+baPe3ObUrlBXvgd7Vc7U:o46NngeO+cwjfTfGHN1Ax9uJV10BK+bJ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence