e1e7450c1f6a19daabbb5c3d25497bd3c4a743bdbfca503e4066b80110bd4194 | Triage

Sharing

General

Target

e1e7450c1f6a19daabbb5c3d25497bd3c4a743bdbfca503e4066b80110bd4194
Size

147KB
Sample

221129-vey5esbb6t
MD5

16576b657c6e74a94432baf5d089e6f0
SHA1

dad03a3144905b5e25b666cca8eed70a8099f14b
SHA256

e1e7450c1f6a19daabbb5c3d25497bd3c4a743bdbfca503e4066b80110bd4194
SHA512

d6b4bbf5af0b07a6a678c06d1f19777f45a39e93ce75998d1c290b4b7db9cd211aedc4310e9f95458e7cb63f16e857b84d218194d626ef3fca3ad7ff19d41fe4
SSDEEP

3072:356HRX1ENS6846Wtw9c2ppE18vbPQvEc6RC1z:IRXKSBbWay2ppbvnc6a

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e1e7450c1f6a19daabbb5c3d25497bd3c4a743bdbfca503e4066b80110bd4194
- Size
  
  147KB
- MD5
  
  16576b657c6e74a94432baf5d089e6f0
- SHA1
  
  dad03a3144905b5e25b666cca8eed70a8099f14b
- SHA256
  
  e1e7450c1f6a19daabbb5c3d25497bd3c4a743bdbfca503e4066b80110bd4194
- SHA512
  
  d6b4bbf5af0b07a6a678c06d1f19777f45a39e93ce75998d1c290b4b7db9cd211aedc4310e9f95458e7cb63f16e857b84d218194d626ef3fca3ad7ff19d41fe4
- SSDEEP
  
  3072:356HRX1ENS6846Wtw9c2ppE18vbPQvEc6RC1z:IRXKSBbWay2ppbvnc6a
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence