5ec537f3d1667debc73a1409b0aab7dd608a07be3d8a844ed9484c3cdc0b7e59 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ec537f3d1667debc73a1409b0aab7dd608a07be3d8a844ed9484c3cdc0b7e59
Size

228KB
Sample

221129-dksq6ahh75
MD5

6ada43ebb2e5d020af25b5d9b7f5f34f
SHA1

45570664fa5ec5693266926cea564fc617974a89
SHA256

5ec537f3d1667debc73a1409b0aab7dd608a07be3d8a844ed9484c3cdc0b7e59
SHA512

be5ec759753c75f569b2c7f81f3898e5382d27a0bb7c644cb8e297284cdf1b2905613469453a2f56618ae48391efcf0a5f76624d67474dd703dcd4bec423a1b3
SSDEEP

6144:kmi3PFKs7aFwKWwalhrEqxF6snji81RUinKZHg/jF:kmAPhAmZIH+x

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5ec537f3d1667debc73a1409b0aab7dd608a07be3d8a844ed9484c3cdc0b7e59
- Size
  
  228KB
- MD5
  
  6ada43ebb2e5d020af25b5d9b7f5f34f
- SHA1
  
  45570664fa5ec5693266926cea564fc617974a89
- SHA256
  
  5ec537f3d1667debc73a1409b0aab7dd608a07be3d8a844ed9484c3cdc0b7e59
- SHA512
  
  be5ec759753c75f569b2c7f81f3898e5382d27a0bb7c644cb8e297284cdf1b2905613469453a2f56618ae48391efcf0a5f76624d67474dd703dcd4bec423a1b3
- SSDEEP
  
  6144:kmi3PFKs7aFwKWwalhrEqxF6snji81RUinKZHg/jF:kmAPhAmZIH+x
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence