ef4498460b299442b3000c4aebda7449e86c8a371507613209580e5fc9cb0b56 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef4498460b299442b3000c4aebda7449e86c8a371507613209580e5fc9cb0b56
Size

160KB
Sample

221203-xpkqwsbd4z
MD5

0fc1cf3f85574010a23f7c53f1d3e174
SHA1

93be5d7cb5e53afef37986d3240e072d01d68ce6
SHA256

ef4498460b299442b3000c4aebda7449e86c8a371507613209580e5fc9cb0b56
SHA512

3c3d6f2efae3a2d4ce532c4b0da534da771fbb49717e39b42055399bebdbb28e7ca5045da3f3937a6c63bc66a5fa9362247a9f91ca5baf104a18f8b1020e9561
SSDEEP

3072:p6kT5dapGlY0wRmWOl5i6wJjHQgQzEIbdt:p7VdVFwRmWcuad

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ef4498460b299442b3000c4aebda7449e86c8a371507613209580e5fc9cb0b56
- Size
  
  160KB
- MD5
  
  0fc1cf3f85574010a23f7c53f1d3e174
- SHA1
  
  93be5d7cb5e53afef37986d3240e072d01d68ce6
- SHA256
  
  ef4498460b299442b3000c4aebda7449e86c8a371507613209580e5fc9cb0b56
- SHA512
  
  3c3d6f2efae3a2d4ce532c4b0da534da771fbb49717e39b42055399bebdbb28e7ca5045da3f3937a6c63bc66a5fa9362247a9f91ca5baf104a18f8b1020e9561
- SSDEEP
  
  3072:p6kT5dapGlY0wRmWOl5i6wJjHQgQzEIbdt:p7VdVFwRmWcuad
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence