e75f01f4d0babc54949de065c864d3997326506849bd0adad0491a23d6b6a8e5 | Triage

Sharing

General

Target

e75f01f4d0babc54949de065c864d3997326506849bd0adad0491a23d6b6a8e5
Size

6.0MB
Sample

221202-2vet2scc44
MD5

fd4db948be621f87de27f230c3169101
SHA1

b1bb461b69897da482978e696040c074b3691680
SHA256

e75f01f4d0babc54949de065c864d3997326506849bd0adad0491a23d6b6a8e5
SHA512

dac0fa6e594b980217f4bfd138b652fed4cc6da07135ae5847f77948ad4446633ae7fb279464e6d281c2395ea4e76d8ec26d7c204e599e181c4a2de6bc699375
SSDEEP

384:swGx6sLtvVTdvI269d/61zJ4AZ9uFVPSaNJawcudoD7UwQu:S6gtldvIbj61zJzIznbcuyD7Uwz

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  e75f01f4d0babc54949de065c864d3997326506849bd0adad0491a23d6b6a8e5
- Size
  
  6.0MB
- MD5
  
  fd4db948be621f87de27f230c3169101
- SHA1
  
  b1bb461b69897da482978e696040c074b3691680
- SHA256
  
  e75f01f4d0babc54949de065c864d3997326506849bd0adad0491a23d6b6a8e5
- SHA512
  
  dac0fa6e594b980217f4bfd138b652fed4cc6da07135ae5847f77948ad4446633ae7fb279464e6d281c2395ea4e76d8ec26d7c204e599e181c4a2de6bc699375
- SSDEEP
  
  384:swGx6sLtvVTdvI269d/61zJ4AZ9uFVPSaNJawcudoD7UwQu:S6gtldvIbj61zJzIznbcuyD7Uwz
Score

8^/10

evasion persistence
- Executes dropped EXE
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence