8e5c09b9011cb17e83870db66a058a13330f332285d0a2105d8ee615b0550a6d | Triage

Sharing

General

Target

8e5c09b9011cb17e83870db66a058a13330f332285d0a2105d8ee615b0550a6d
Size

124KB
Sample

221129-qrjs2sdb46
MD5

a94f5fcb8ddc596952ce84d3e91ccab0
SHA1

923fe633b20e1f07f43b0c12dfd3f39d01f85156
SHA256

8e5c09b9011cb17e83870db66a058a13330f332285d0a2105d8ee615b0550a6d
SHA512

c2dfd069a7cd4c7a9b21408fb81e8fa2c13665abd36ae408399f76fa31ac6a6d1a60ab001e2960743d5ea783e8b294dd7ba52035f3334abe2551b4c9e55d8381
SSDEEP

1536:+7EHhwRCuBxeDtMYHa27J14ltxporZ45i8NeG0h/l:MEHhwRCkeV6gJ1uCt45yt

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8e5c09b9011cb17e83870db66a058a13330f332285d0a2105d8ee615b0550a6d
- Size
  
  124KB
- MD5
  
  a94f5fcb8ddc596952ce84d3e91ccab0
- SHA1
  
  923fe633b20e1f07f43b0c12dfd3f39d01f85156
- SHA256
  
  8e5c09b9011cb17e83870db66a058a13330f332285d0a2105d8ee615b0550a6d
- SHA512
  
  c2dfd069a7cd4c7a9b21408fb81e8fa2c13665abd36ae408399f76fa31ac6a6d1a60ab001e2960743d5ea783e8b294dd7ba52035f3334abe2551b4c9e55d8381
- SSDEEP
  
  1536:+7EHhwRCuBxeDtMYHa27J14ltxporZ45i8NeG0h/l:MEHhwRCkeV6gJ1uCt45yt
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence