e18d6ebe5da706c8e4b655e4483f730b097eecba0de5beb360bd260aef4c0354 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e18d6ebe5da706c8e4b655e4483f730b097eecba0de5beb360bd260aef4c0354
Size

304KB
Sample

221129-t7kxtsad3z
MD5

bf92b876764c261cfc188a5e437af23d
SHA1

5f38326deea8f544df7f6a0d1d498cf2ce10fdb6
SHA256

e18d6ebe5da706c8e4b655e4483f730b097eecba0de5beb360bd260aef4c0354
SHA512

78171abf8c0bc4ba354c76ee09153ce1e9919271ece1c07ff09b86c57490b32c1f878d6b3165ea79a13fd28e4ce32a39654619e8f32d41dd682d8c9023695ef3
SSDEEP

3072:JPGOaEaAaTG0kZSmA2Lvxqc+rqMop2aEaLFra+7pvPSvB4r:64Aw5cqylaRS2

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e18d6ebe5da706c8e4b655e4483f730b097eecba0de5beb360bd260aef4c0354
- Size
  
  304KB
- MD5
  
  bf92b876764c261cfc188a5e437af23d
- SHA1
  
  5f38326deea8f544df7f6a0d1d498cf2ce10fdb6
- SHA256
  
  e18d6ebe5da706c8e4b655e4483f730b097eecba0de5beb360bd260aef4c0354
- SHA512
  
  78171abf8c0bc4ba354c76ee09153ce1e9919271ece1c07ff09b86c57490b32c1f878d6b3165ea79a13fd28e4ce32a39654619e8f32d41dd682d8c9023695ef3
- SSDEEP
  
  3072:JPGOaEaAaTG0kZSmA2Lvxqc+rqMop2aEaLFra+7pvPSvB4r:64Aw5cqylaRS2
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence