de0be96e2f6e851e9839cf839fca7ec86e07d8d745d936c8a8dcbe9efddc54b3 | Triage

Sharing

General

Target

de0be96e2f6e851e9839cf839fca7ec86e07d8d745d936c8a8dcbe9efddc54b3
Size

68KB
Sample

221127-t2ztssbh58
MD5

81f7efe3adda0f0002ba7f1fe330d737
SHA1

fe18182149ba916faa62541a5eee98ea181d1fc4
SHA256

de0be96e2f6e851e9839cf839fca7ec86e07d8d745d936c8a8dcbe9efddc54b3
SHA512

55d620d10f9818bb779ea85130e1d4e2827d240d03b6cfe7a5bc97f84bd478941c715e4c54b67671bfba0cd537f6291f18b41cd814f9c2212bee9a223951d475
SSDEEP

768:kcYliTdKUAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:jYIxTAcqOK3qowgnt1d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  de0be96e2f6e851e9839cf839fca7ec86e07d8d745d936c8a8dcbe9efddc54b3
- Size
  
  68KB
- MD5
  
  81f7efe3adda0f0002ba7f1fe330d737
- SHA1
  
  fe18182149ba916faa62541a5eee98ea181d1fc4
- SHA256
  
  de0be96e2f6e851e9839cf839fca7ec86e07d8d745d936c8a8dcbe9efddc54b3
- SHA512
  
  55d620d10f9818bb779ea85130e1d4e2827d240d03b6cfe7a5bc97f84bd478941c715e4c54b67671bfba0cd537f6291f18b41cd814f9c2212bee9a223951d475
- SSDEEP
  
  768:kcYliTdKUAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:jYIxTAcqOK3qowgnt1d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence