e5bd27a61e1b2b8bc57f847724a7ceb455bb6c495ce7cec3d72a2874de33c082 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e5bd27a61e1b2b8bc57f847724a7ceb455bb6c495ce7cec3d72a2874de33c082
Size

112KB
Sample

221201-2fmlcagf73
MD5

a45ae947d33874cda1fee3658ce0ea57
SHA1

b41ae592890d6525c87cd470575f961a54fadd83
SHA256

e5bd27a61e1b2b8bc57f847724a7ceb455bb6c495ce7cec3d72a2874de33c082
SHA512

8ff4ff65838847024aaf696f9b67494ae3e7facfad3fee4e2e46b3ace94f5d46b57cbcb19e31686c4e6c2ea09aad78c6abb7f20b43bf5b409c62916a68fd39e2
SSDEEP

1536:EbpIUJKz2/4e/BnZlTg9L4wPMwrLHDDG3ERz4QcJ5JMK:WbO2AeJnZYMwrrLHDDG3BJMK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e5bd27a61e1b2b8bc57f847724a7ceb455bb6c495ce7cec3d72a2874de33c082
- Size
  
  112KB
- MD5
  
  a45ae947d33874cda1fee3658ce0ea57
- SHA1
  
  b41ae592890d6525c87cd470575f961a54fadd83
- SHA256
  
  e5bd27a61e1b2b8bc57f847724a7ceb455bb6c495ce7cec3d72a2874de33c082
- SHA512
  
  8ff4ff65838847024aaf696f9b67494ae3e7facfad3fee4e2e46b3ace94f5d46b57cbcb19e31686c4e6c2ea09aad78c6abb7f20b43bf5b409c62916a68fd39e2
- SSDEEP
  
  1536:EbpIUJKz2/4e/BnZlTg9L4wPMwrLHDDG3ERz4QcJ5JMK:WbO2AeJnZYMwrrLHDDG3BJMK
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence