e02329981533f8458f985e7ed33d34ed318ec854d4e93b05a02591ba14e98a58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e02329981533f8458f985e7ed33d34ed318ec854d4e93b05a02591ba14e98a58
Size

168KB
Sample

221201-3y2cwsde33
MD5

a4b2c9cc55a51e6cedf312771cf08cf9
SHA1

28336c770edf54a21b324ef899190c7c5e6f77a6
SHA256

e02329981533f8458f985e7ed33d34ed318ec854d4e93b05a02591ba14e98a58
SHA512

9e536bc4df976d4c1711fb2b931306ce2f74a8c1ee271ba7d1c26cf35a4f80988281f8254b77ddd27d7df2f3e19948a5b2b1004e713adb9939c8306480b73c49
SSDEEP

3072:Zu1zrG7FBTZCchor5KFjvFP5YCkvJnnqL:YNk7ha5KFjNchG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e02329981533f8458f985e7ed33d34ed318ec854d4e93b05a02591ba14e98a58
- Size
  
  168KB
- MD5
  
  a4b2c9cc55a51e6cedf312771cf08cf9
- SHA1
  
  28336c770edf54a21b324ef899190c7c5e6f77a6
- SHA256
  
  e02329981533f8458f985e7ed33d34ed318ec854d4e93b05a02591ba14e98a58
- SHA512
  
  9e536bc4df976d4c1711fb2b931306ce2f74a8c1ee271ba7d1c26cf35a4f80988281f8254b77ddd27d7df2f3e19948a5b2b1004e713adb9939c8306480b73c49
- SSDEEP
  
  3072:Zu1zrG7FBTZCchor5KFjvFP5YCkvJnnqL:YNk7ha5KFjNchG
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence