0e3691dcda2e241be5694fbaf418a79e8b1f296be1a6ab683b6e170f17a46d87 | Triage

Sharing

General

Target

0e3691dcda2e241be5694fbaf418a79e8b1f296be1a6ab683b6e170f17a46d87
Size

128KB
Sample

221124-j1fz7add9x
MD5

7462935b17bd205e9465ba34504bd60d
SHA1

95428bd87b271e2b8bca0040ec0711757309ed1d
SHA256

0e3691dcda2e241be5694fbaf418a79e8b1f296be1a6ab683b6e170f17a46d87
SHA512

8333ca88917e5d7a798644af1ee312b0efc828b838b9488b6ce73a5ce2eb9c0a3c775c89940fc353f66a0071540c77baf087a8d0a344f658c834ea16c6d3cd2b
SSDEEP

3072:p7idku/6uJkSWyx7b5Fy2U9lD0aLeGuxnfw6wxn4DLfbU:QdmFwy2R+OD

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0e3691dcda2e241be5694fbaf418a79e8b1f296be1a6ab683b6e170f17a46d87
- Size
  
  128KB
- MD5
  
  7462935b17bd205e9465ba34504bd60d
- SHA1
  
  95428bd87b271e2b8bca0040ec0711757309ed1d
- SHA256
  
  0e3691dcda2e241be5694fbaf418a79e8b1f296be1a6ab683b6e170f17a46d87
- SHA512
  
  8333ca88917e5d7a798644af1ee312b0efc828b838b9488b6ce73a5ce2eb9c0a3c775c89940fc353f66a0071540c77baf087a8d0a344f658c834ea16c6d3cd2b
- SSDEEP
  
  3072:p7idku/6uJkSWyx7b5Fy2U9lD0aLeGuxnfw6wxn4DLfbU:QdmFwy2R+OD
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence