5fe872a310251c03bd908e944a2d84ccb2cd5bb9593e34b2b71add05d8793d3d | Triage

Sharing

General

Target

5fe872a310251c03bd908e944a2d84ccb2cd5bb9593e34b2b71add05d8793d3d
Size

172KB
Sample

221124-am8nlseh53
MD5

36b95047d576b743fc23c2754b237ac0
SHA1

8bf4e4d6463494c6a3d85a12c282a60334b24ff7
SHA256

5fe872a310251c03bd908e944a2d84ccb2cd5bb9593e34b2b71add05d8793d3d
SHA512

eeebbe689e7ab8dbb5979ec332ca235a2776abe283d4d61b5ec5d5e57c11da1c3269cdc740b3ce1fdc19a15a693aa6591033bfcf43cef8de24087cae78286a4f
SSDEEP

3072:VxjQXp5YHeNh1nm9JuKnvmb7/D26tvJc56bzfCKpbVuugHvmDQiBuAZdQN:7jQ7LNh1wMKnvmb7/D26tBc5KDCKpBuv

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5fe872a310251c03bd908e944a2d84ccb2cd5bb9593e34b2b71add05d8793d3d
- Size
  
  172KB
- MD5
  
  36b95047d576b743fc23c2754b237ac0
- SHA1
  
  8bf4e4d6463494c6a3d85a12c282a60334b24ff7
- SHA256
  
  5fe872a310251c03bd908e944a2d84ccb2cd5bb9593e34b2b71add05d8793d3d
- SHA512
  
  eeebbe689e7ab8dbb5979ec332ca235a2776abe283d4d61b5ec5d5e57c11da1c3269cdc740b3ce1fdc19a15a693aa6591033bfcf43cef8de24087cae78286a4f
- SSDEEP
  
  3072:VxjQXp5YHeNh1nm9JuKnvmb7/D26tvJc56bzfCKpbVuugHvmDQiBuAZdQN:7jQ7LNh1wMKnvmb7/D26tBc5KDCKpBuv
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence