8e1131d634538379513c149b9d7c1bb9e23e9b4b01c241df047e250e38845ea5 | Triage

Sharing

General

Target

8e1131d634538379513c149b9d7c1bb9e23e9b4b01c241df047e250e38845ea5
Size

124KB
Sample

221202-ac4xnsdh75
MD5

dc419f838300e1ba7c20f5c92406d599
SHA1

bfb46eb0eda32be5784e7fa888b9480ecb498b4b
SHA256

8e1131d634538379513c149b9d7c1bb9e23e9b4b01c241df047e250e38845ea5
SHA512

ae8a8746ee0d69b0122eae21db3e3b0e15d822234d120fb7001e72ecba536c4fccb7e71a5ea25bc8ce206a59ff1658ed73bd0321b6db6c3c6f863a64fb3997cc
SSDEEP

3072:YaAfUEiZ/w0KrQKGcNqnGrD6uvIepyJS6f17reU:YhfiZ/wbrQKGciwQJr

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8e1131d634538379513c149b9d7c1bb9e23e9b4b01c241df047e250e38845ea5
- Size
  
  124KB
- MD5
  
  dc419f838300e1ba7c20f5c92406d599
- SHA1
  
  bfb46eb0eda32be5784e7fa888b9480ecb498b4b
- SHA256
  
  8e1131d634538379513c149b9d7c1bb9e23e9b4b01c241df047e250e38845ea5
- SHA512
  
  ae8a8746ee0d69b0122eae21db3e3b0e15d822234d120fb7001e72ecba536c4fccb7e71a5ea25bc8ce206a59ff1658ed73bd0321b6db6c3c6f863a64fb3997cc
- SSDEEP
  
  3072:YaAfUEiZ/w0KrQKGcNqnGrD6uvIepyJS6f17reU:YhfiZ/wbrQKGciwQJr
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence