e1849a4536153ef45b2a5ad196854ebf6ae6d8e9ee918eea253f08f62acc730c | Triage

Sharing

General

Target

e1849a4536153ef45b2a5ad196854ebf6ae6d8e9ee918eea253f08f62acc730c
Size

124KB
Sample

221124-ap2cbaab9t
MD5

53bb1401b62473906e50b2f0de55d370
SHA1

86be2edec1479f513ae3408c9c60879ed0b36cf2
SHA256

e1849a4536153ef45b2a5ad196854ebf6ae6d8e9ee918eea253f08f62acc730c
SHA512

87065878fb5dda42a46f8079e45cd0c5d77b90af68e7e57dcb4207e56177b01fe0455d33e65d24a8bb3ed9abc2a1f8eed0c87f46f343ce6524eda3792f75773d
SSDEEP

1536:YIszx5YeL1hRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:zG/YEhkFoN3Oo1+FvfSW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e1849a4536153ef45b2a5ad196854ebf6ae6d8e9ee918eea253f08f62acc730c
- Size
  
  124KB
- MD5
  
  53bb1401b62473906e50b2f0de55d370
- SHA1
  
  86be2edec1479f513ae3408c9c60879ed0b36cf2
- SHA256
  
  e1849a4536153ef45b2a5ad196854ebf6ae6d8e9ee918eea253f08f62acc730c
- SHA512
  
  87065878fb5dda42a46f8079e45cd0c5d77b90af68e7e57dcb4207e56177b01fe0455d33e65d24a8bb3ed9abc2a1f8eed0c87f46f343ce6524eda3792f75773d
- SSDEEP
  
  1536:YIszx5YeL1hRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:zG/YEhkFoN3Oo1+FvfSW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence