e0e1fb23c46ca7c5b81faded225f6ff176d69e938b10a992e360e1cf7a598ad8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0e1fb23c46ca7c5b81faded225f6ff176d69e938b10a992e360e1cf7a598ad8
Size

100KB
Sample

221129-ve3slsbb61
MD5

1ee4ce13b367789586893126bccb17e0
SHA1

dc2cc4877537e765ee32211fdd17dcb8fcf8541a
SHA256

e0e1fb23c46ca7c5b81faded225f6ff176d69e938b10a992e360e1cf7a598ad8
SHA512

48f220e17c2797bc94382a9cae729769be98b93a62135ae19de74b46510d80913d9b17c6aca8b82f04f91d7e0a3baf02ca8777729f5d29168cef5e0d826f8834
SSDEEP

1536:PC/8iAuismyWsjKCWRw0wF9MGM9K/lKtNgCMbATbL3N+NM5EfsNIjnZUc:qjKHtTLOM57CnCc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e0e1fb23c46ca7c5b81faded225f6ff176d69e938b10a992e360e1cf7a598ad8
- Size
  
  100KB
- MD5
  
  1ee4ce13b367789586893126bccb17e0
- SHA1
  
  dc2cc4877537e765ee32211fdd17dcb8fcf8541a
- SHA256
  
  e0e1fb23c46ca7c5b81faded225f6ff176d69e938b10a992e360e1cf7a598ad8
- SHA512
  
  48f220e17c2797bc94382a9cae729769be98b93a62135ae19de74b46510d80913d9b17c6aca8b82f04f91d7e0a3baf02ca8777729f5d29168cef5e0d826f8834
- SSDEEP
  
  1536:PC/8iAuismyWsjKCWRw0wF9MGM9K/lKtNgCMbATbL3N+NM5EfsNIjnZUc:qjKHtTLOM57CnCc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence