e1e039bf2769a3d4dc824f359c6ad4fdbb569196c9d57fb9d856d634161ab526 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1e039bf2769a3d4dc824f359c6ad4fdbb569196c9d57fb9d856d634161ab526
Size

466KB
Sample

221204-d47z7agf9y
MD5

014b0458d60ed4b112a24bdb1d0078e1
SHA1

72150117e05c0e2eb5de38a9a410a72ed7a435ac
SHA256

e1e039bf2769a3d4dc824f359c6ad4fdbb569196c9d57fb9d856d634161ab526
SHA512

d4313a204eed0a8d61bfcb5e70b1cd76b59ea2ec3169be800e1ce44163b2c4c1ad549ee3a21f994d1a4984d8fdf698f5b14d93e6e666713c72ea581308269a71
SSDEEP

12288:s8OlyjDv0y1vGXx3Hfb2qQBkT4sBxjHEd/sKr:sJl4v0NhPb25kT5adsKr

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  e1e039bf2769a3d4dc824f359c6ad4fdbb569196c9d57fb9d856d634161ab526
- Size
  
  466KB
- MD5
  
  014b0458d60ed4b112a24bdb1d0078e1
- SHA1
  
  72150117e05c0e2eb5de38a9a410a72ed7a435ac
- SHA256
  
  e1e039bf2769a3d4dc824f359c6ad4fdbb569196c9d57fb9d856d634161ab526
- SHA512
  
  d4313a204eed0a8d61bfcb5e70b1cd76b59ea2ec3169be800e1ce44163b2c4c1ad549ee3a21f994d1a4984d8fdf698f5b14d93e6e666713c72ea581308269a71
- SSDEEP
  
  12288:s8OlyjDv0y1vGXx3Hfb2qQBkT4sBxjHEd/sKr:sJl4v0NhPb25kT5adsKr
Score

8^/10

evasion persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence