f26ebee80b90a43414717778edcdaee1a948f41776e9dc5ab3ac46b738d046c1 | Triage

Sharing

General

Target

f26ebee80b90a43414717778edcdaee1a948f41776e9dc5ab3ac46b738d046c1
Size

204KB
Sample

221129-t3kq9sfb54
MD5

15e6f62ec03f3a0bc72ced525250fa5c
SHA1

2d91dc79e9a1332dc20c393fa177ee59fa6631fe
SHA256

f26ebee80b90a43414717778edcdaee1a948f41776e9dc5ab3ac46b738d046c1
SHA512

0c4a4202d671df0baa9e9d509f84711aebdf6721dc90e3c29b4cfe3a386f6485367b948e8f8977053f8f0f7944a7598b18dc1c2a23a0cfcfdcec71b9de0bff66
SSDEEP

3072:NVe8ACpPNp5U+mzihKh8wpzDqulR3X9sDpLg6ZGKIXeYnVlDY:NVe8p/EV82llbs1g6+XbVS

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f26ebee80b90a43414717778edcdaee1a948f41776e9dc5ab3ac46b738d046c1
- Size
  
  204KB
- MD5
  
  15e6f62ec03f3a0bc72ced525250fa5c
- SHA1
  
  2d91dc79e9a1332dc20c393fa177ee59fa6631fe
- SHA256
  
  f26ebee80b90a43414717778edcdaee1a948f41776e9dc5ab3ac46b738d046c1
- SHA512
  
  0c4a4202d671df0baa9e9d509f84711aebdf6721dc90e3c29b4cfe3a386f6485367b948e8f8977053f8f0f7944a7598b18dc1c2a23a0cfcfdcec71b9de0bff66
- SSDEEP
  
  3072:NVe8ACpPNp5U+mzihKh8wpzDqulR3X9sDpLg6ZGKIXeYnVlDY:NVe8p/EV82llbs1g6+XbVS
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence