e1fe9c7994c03efeeaeb061f6fa8460c4b59e60111e4a7cc9acfb796a47b31cb | Triage

Sharing

General

Target

e1fe9c7994c03efeeaeb061f6fa8460c4b59e60111e4a7cc9acfb796a47b31cb
Size

44KB
Sample

221124-asmy4afc23
MD5

0a7ee7e75b9b32f12c2836d82836ab2b
SHA1

5a5126c698889408277919f2aef7bd25c17960a9
SHA256

e1fe9c7994c03efeeaeb061f6fa8460c4b59e60111e4a7cc9acfb796a47b31cb
SHA512

94b52e356db6f737fd51c76d6936ddc9c9d6f8da30d95e6d318152cb4a06a3707cbe91283754e4538b61d33085ce6cbd0ad8643f72c94a7c918ac53be1377364
SSDEEP

768:PC/Hd+9UNr/Xe04H7cHPHYmug6UXQm1dIZE2ocOT77e:P25GHyj6S3T77

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e1fe9c7994c03efeeaeb061f6fa8460c4b59e60111e4a7cc9acfb796a47b31cb
- Size
  
  44KB
- MD5
  
  0a7ee7e75b9b32f12c2836d82836ab2b
- SHA1
  
  5a5126c698889408277919f2aef7bd25c17960a9
- SHA256
  
  e1fe9c7994c03efeeaeb061f6fa8460c4b59e60111e4a7cc9acfb796a47b31cb
- SHA512
  
  94b52e356db6f737fd51c76d6936ddc9c9d6f8da30d95e6d318152cb4a06a3707cbe91283754e4538b61d33085ce6cbd0ad8643f72c94a7c918ac53be1377364
- SSDEEP
  
  768:PC/Hd+9UNr/Xe04H7cHPHYmug6UXQm1dIZE2ocOT77e:P25GHyj6S3T77
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence