ec9fe0f6735903c0bc39360d6da0d3401f7b2e18f5fc1648268e6ad3b0e8f69e | Triage

Sharing

General

Target

ec9fe0f6735903c0bc39360d6da0d3401f7b2e18f5fc1648268e6ad3b0e8f69e
Size

120KB
Sample

221204-nqlj5sed32
MD5

04731b909650440fc1d4af07387c8200
SHA1

14ccc75e6259bd530808bccb51b13fa6522c46ca
SHA256

ec9fe0f6735903c0bc39360d6da0d3401f7b2e18f5fc1648268e6ad3b0e8f69e
SHA512

3e54654e1902de6c456f5b6386996fc783143bc96f09e806c002c78d5bb5e1ea3abbce252ea62bde2f1a5d076991f770c9c40b3cf8839ccd4e6b1205ec039799
SSDEEP

3072:Y6v7777777777777777H77777777777777777777777777777tUaIqcNBcro:7UaILNBcc

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ec9fe0f6735903c0bc39360d6da0d3401f7b2e18f5fc1648268e6ad3b0e8f69e
- Size
  
  120KB
- MD5
  
  04731b909650440fc1d4af07387c8200
- SHA1
  
  14ccc75e6259bd530808bccb51b13fa6522c46ca
- SHA256
  
  ec9fe0f6735903c0bc39360d6da0d3401f7b2e18f5fc1648268e6ad3b0e8f69e
- SHA512
  
  3e54654e1902de6c456f5b6386996fc783143bc96f09e806c002c78d5bb5e1ea3abbce252ea62bde2f1a5d076991f770c9c40b3cf8839ccd4e6b1205ec039799
- SSDEEP
  
  3072:Y6v7777777777777777H77777777777777777777777777777tUaIqcNBcro:7UaILNBcc
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence