5ee2bcf369118eb9e1fe9f73feca182ae5876af5353c9dae492c7aa5628d62a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ee2bcf369118eb9e1fe9f73feca182ae5876af5353c9dae492c7aa5628d62a0
Size

244KB
Sample

221201-3c54ysbf43
MD5

be008f5180e7ebc854a7023b18939f1c
SHA1

217d74cfde5a9823121055fc27b7a38fb211135c
SHA256

5ee2bcf369118eb9e1fe9f73feca182ae5876af5353c9dae492c7aa5628d62a0
SHA512

3725a4e7d877ea3c716b872e255f3a1f368622105c8294365f3ed5657cdb9e4ce96a717fc0e3a1a56303fa5238ab4e12697731698ca6b3b88a721af3adc2a15e
SSDEEP

3072:ByY+mN+L1fyLFxoMPlQw4I5coBBBT+42uxcYxGw4aqosAm+wGa:oYpNUIfBTAut4aqosAm+wD

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5ee2bcf369118eb9e1fe9f73feca182ae5876af5353c9dae492c7aa5628d62a0
- Size
  
  244KB
- MD5
  
  be008f5180e7ebc854a7023b18939f1c
- SHA1
  
  217d74cfde5a9823121055fc27b7a38fb211135c
- SHA256
  
  5ee2bcf369118eb9e1fe9f73feca182ae5876af5353c9dae492c7aa5628d62a0
- SHA512
  
  3725a4e7d877ea3c716b872e255f3a1f368622105c8294365f3ed5657cdb9e4ce96a717fc0e3a1a56303fa5238ab4e12697731698ca6b3b88a721af3adc2a15e
- SSDEEP
  
  3072:ByY+mN+L1fyLFxoMPlQw4I5coBBBT+42uxcYxGw4aqosAm+wGa:oYpNUIfBTAut4aqosAm+wD
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence