8ea583885a75dd96cad8c484e186e06f79ef98d549d551f84506ead1495b4373 | Triage

Sharing

General

Target

8ea583885a75dd96cad8c484e186e06f79ef98d549d551f84506ead1495b4373
Size

228KB
Sample

221201-24wh6aea6s
MD5

378320f877c24e3998be2c810beb18ee
SHA1

b58b2730801592c894e6bcf5859037a4d53a9186
SHA256

8ea583885a75dd96cad8c484e186e06f79ef98d549d551f84506ead1495b4373
SHA512

ed2fec147e2aff8da70555192dc6b2e668dd7eca989f6f8b59763d3da8e39822ddc300acffcf3ebafb826419882570de80a1819ba9999f39a41dcc44291176e2
SSDEEP

3072:3fCnKOFCsv/CL0ns7bFtRdVWCyiHCN1ps/N:anRIsi1HFj/WCyiHCNfs1

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8ea583885a75dd96cad8c484e186e06f79ef98d549d551f84506ead1495b4373
- Size
  
  228KB
- MD5
  
  378320f877c24e3998be2c810beb18ee
- SHA1
  
  b58b2730801592c894e6bcf5859037a4d53a9186
- SHA256
  
  8ea583885a75dd96cad8c484e186e06f79ef98d549d551f84506ead1495b4373
- SHA512
  
  ed2fec147e2aff8da70555192dc6b2e668dd7eca989f6f8b59763d3da8e39822ddc300acffcf3ebafb826419882570de80a1819ba9999f39a41dcc44291176e2
- SSDEEP
  
  3072:3fCnKOFCsv/CL0ns7bFtRdVWCyiHCN1ps/N:anRIsi1HFj/WCyiHCNfs1
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence