e3a3d6d6d6d26b331742903c3590746d5b12ca6ddc97727443fb898598945985 | Triage

Sharing

General

Target

e3a3d6d6d6d26b331742903c3590746d5b12ca6ddc97727443fb898598945985
Size

68KB
Sample

221127-vp3klahc9s
MD5

62a85b798c999abbddb2ab0fbe4c382d
SHA1

119eb1790b771ad29349ddbeb0973db317cb159a
SHA256

e3a3d6d6d6d26b331742903c3590746d5b12ca6ddc97727443fb898598945985
SHA512

32bcd74025a847a95fd98bd75b3ac1a9d72d490f1bac84891e536925a92164dccc823166e33c47c091faa86a2b02e8553efb40160b9fab23b8f885dce76cda08
SSDEEP

768:pchliTdGIAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:WhIxrAcqOK3qowgnt1d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e3a3d6d6d6d26b331742903c3590746d5b12ca6ddc97727443fb898598945985
- Size
  
  68KB
- MD5
  
  62a85b798c999abbddb2ab0fbe4c382d
- SHA1
  
  119eb1790b771ad29349ddbeb0973db317cb159a
- SHA256
  
  e3a3d6d6d6d26b331742903c3590746d5b12ca6ddc97727443fb898598945985
- SHA512
  
  32bcd74025a847a95fd98bd75b3ac1a9d72d490f1bac84891e536925a92164dccc823166e33c47c091faa86a2b02e8553efb40160b9fab23b8f885dce76cda08
- SSDEEP
  
  768:pchliTdGIAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:WhIxrAcqOK3qowgnt1d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence