e3d8fdc6303d477b14d37ce6a8cc7d48435f671be09e3167b2572d83871e583d | Triage

Sharing

General

Target

e3d8fdc6303d477b14d37ce6a8cc7d48435f671be09e3167b2572d83871e583d
Size

224KB
Sample

221201-3wlvesdc56
MD5

aaa038a4afb70a3c98428b934ec9ef02
SHA1

289cbf33bf472e7ae6ec82d67d85d40386415480
SHA256

e3d8fdc6303d477b14d37ce6a8cc7d48435f671be09e3167b2572d83871e583d
SHA512

19c4be51eeffb8225db102b54b3fedf39ac3f3ba613d913022242e561151e68fe712557820e5c8315508f0d2ec38b894e0b14147994dc1b6b40c2fbe24cac07e
SSDEEP

6144:mFILyFdn53qLowKnvmb7/D26NID5UR2uNhVc5QTI/Mfqcp:mWL+n53qLowKnvmb7/D26rVc5AIMfqcp

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e3d8fdc6303d477b14d37ce6a8cc7d48435f671be09e3167b2572d83871e583d
- Size
  
  224KB
- MD5
  
  aaa038a4afb70a3c98428b934ec9ef02
- SHA1
  
  289cbf33bf472e7ae6ec82d67d85d40386415480
- SHA256
  
  e3d8fdc6303d477b14d37ce6a8cc7d48435f671be09e3167b2572d83871e583d
- SHA512
  
  19c4be51eeffb8225db102b54b3fedf39ac3f3ba613d913022242e561151e68fe712557820e5c8315508f0d2ec38b894e0b14147994dc1b6b40c2fbe24cac07e
- SSDEEP
  
  6144:mFILyFdn53qLowKnvmb7/D26NID5UR2uNhVc5QTI/Mfqcp:mWL+n53qLowKnvmb7/D26rVc5AIMfqcp
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence