d1eb6e5543b6a857e9361a90652cf027f31f0e45f6aa7ea6fee5a2637d1fc82c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1eb6e5543b6a857e9361a90652cf027f31f0e45f6aa7ea6fee5a2637d1fc82c
Size

148KB
Sample

221204-ngc7eahd3s
MD5

a91b50a5feb9878067f717df55e083e2
SHA1

769f42532bedfcce3b39ccc5f45c157053d6790e
SHA256

d1eb6e5543b6a857e9361a90652cf027f31f0e45f6aa7ea6fee5a2637d1fc82c
SHA512

48d98fba4c60012afe0a19611428839b05140a7507fdd79ed97c9badc2b20c47b3c96551b45ccce5fc3c9ab69f05665198415955d39b8b9bd2b27d6da8a1418e
SSDEEP

3072:Qdo+qgRs59j/pvkqBBac+RAGq1bg7Yfgst6OzOS79pgRZkhQJAOAU4oQZiEEXKGz:eoPbj/pvkqBBac+RAGq1bZHtrzOS77kx

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d1eb6e5543b6a857e9361a90652cf027f31f0e45f6aa7ea6fee5a2637d1fc82c
- Size
  
  148KB
- MD5
  
  a91b50a5feb9878067f717df55e083e2
- SHA1
  
  769f42532bedfcce3b39ccc5f45c157053d6790e
- SHA256
  
  d1eb6e5543b6a857e9361a90652cf027f31f0e45f6aa7ea6fee5a2637d1fc82c
- SHA512
  
  48d98fba4c60012afe0a19611428839b05140a7507fdd79ed97c9badc2b20c47b3c96551b45ccce5fc3c9ab69f05665198415955d39b8b9bd2b27d6da8a1418e
- SSDEEP
  
  3072:Qdo+qgRs59j/pvkqBBac+RAGq1bg7Yfgst6OzOS79pgRZkhQJAOAU4oQZiEEXKGz:eoPbj/pvkqBBac+RAGq1bZHtrzOS77kx
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence