e6dca7b20c3974585e8e86ed60a076662e7c4bbe8ac8792b26b6576ddfe0d7ed | Triage

Sharing

General

Target

e6dca7b20c3974585e8e86ed60a076662e7c4bbe8ac8792b26b6576ddfe0d7ed
Size

136KB
Sample

221202-3lnk9sef55
MD5

d7b1268699667937f37a6fef0c52c509
SHA1

c92ae24a0c52ec60527c01deeb0eb4fe7ba55370
SHA256

e6dca7b20c3974585e8e86ed60a076662e7c4bbe8ac8792b26b6576ddfe0d7ed
SHA512

53b5cb08f5f89c0bbdc58bb1e5adfbd8c210c2b932821dcfb2a21cc11ffb5ac9f0ca00369bf8aff9d3ee46e374fe56b90cbc19feb62f80928f081a4e0c8fe953
SSDEEP

3072:tyPRRG/J9t538E6tZqAwZh5dKzio3CfNynXp5ucK1FaeHX0WRyn:oP9kAwWiHEWRG

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e6dca7b20c3974585e8e86ed60a076662e7c4bbe8ac8792b26b6576ddfe0d7ed
- Size
  
  136KB
- MD5
  
  d7b1268699667937f37a6fef0c52c509
- SHA1
  
  c92ae24a0c52ec60527c01deeb0eb4fe7ba55370
- SHA256
  
  e6dca7b20c3974585e8e86ed60a076662e7c4bbe8ac8792b26b6576ddfe0d7ed
- SHA512
  
  53b5cb08f5f89c0bbdc58bb1e5adfbd8c210c2b932821dcfb2a21cc11ffb5ac9f0ca00369bf8aff9d3ee46e374fe56b90cbc19feb62f80928f081a4e0c8fe953
- SSDEEP
  
  3072:tyPRRG/J9t538E6tZqAwZh5dKzio3CfNynXp5ucK1FaeHX0WRyn:oP9kAwWiHEWRG
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence