3ed650922cf603700870512f2d602605ac45d156947b4d9442924fbeb290fa4b | Triage

Sharing

General

Target

3ed650922cf603700870512f2d602605ac45d156947b4d9442924fbeb290fa4b
Size

48KB
Sample

221128-eszecahh6x
MD5

16596ffe6dd9f2ff7f6ac5602ce8b73b
SHA1

9123d005c63e2dc9b7b8acf96b0860a2bd29d58d
SHA256

3ed650922cf603700870512f2d602605ac45d156947b4d9442924fbeb290fa4b
SHA512

ea2bdf39e9fd5da1146c4ab5f18ba1b7c8fd76808298bd53bfe3a94e1f204172ee4b5723d1f423eb4faba53a734ff96ac6eb322d85e9b33b535d21860e6f24dd
SSDEEP

768:pkNEJbl6heGn8M6HtgTVH7NHaurxmWXOQfwoObuPb77eU:pIExu8M6Hml5lXAoO+H7d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3ed650922cf603700870512f2d602605ac45d156947b4d9442924fbeb290fa4b
- Size
  
  48KB
- MD5
  
  16596ffe6dd9f2ff7f6ac5602ce8b73b
- SHA1
  
  9123d005c63e2dc9b7b8acf96b0860a2bd29d58d
- SHA256
  
  3ed650922cf603700870512f2d602605ac45d156947b4d9442924fbeb290fa4b
- SHA512
  
  ea2bdf39e9fd5da1146c4ab5f18ba1b7c8fd76808298bd53bfe3a94e1f204172ee4b5723d1f423eb4faba53a734ff96ac6eb322d85e9b33b535d21860e6f24dd
- SSDEEP
  
  768:pkNEJbl6heGn8M6HtgTVH7NHaurxmWXOQfwoObuPb77eU:pIExu8M6Hml5lXAoO+H7d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence