5e5d7a9a580ffce4329a4457304199b0d2560a6e4df1630ed9a04c11fa9184ef | Triage

Sharing

General

Target

5e5d7a9a580ffce4329a4457304199b0d2560a6e4df1630ed9a04c11fa9184ef
Size

116KB
Sample

221204-nqpxkaab9t
MD5

702235684c67619271724f2b0163961e
SHA1

2591fdecbcd671880fe89c0b1814f834db31f9c5
SHA256

5e5d7a9a580ffce4329a4457304199b0d2560a6e4df1630ed9a04c11fa9184ef
SHA512

8548ff41e7ae384e300905868d5e40a0a71320461cc8c7a642c870d0fbc3e0ff820ecb47c9744d6f2babf516290af0eafc779a3ecfa88e271ed7f6ce787f2918
SSDEEP

3072:mav7777777777777777yE7777777777777777777aa3yL:i83S

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  5e5d7a9a580ffce4329a4457304199b0d2560a6e4df1630ed9a04c11fa9184ef
- Size
  
  116KB
- MD5
  
  702235684c67619271724f2b0163961e
- SHA1
  
  2591fdecbcd671880fe89c0b1814f834db31f9c5
- SHA256
  
  5e5d7a9a580ffce4329a4457304199b0d2560a6e4df1630ed9a04c11fa9184ef
- SHA512
  
  8548ff41e7ae384e300905868d5e40a0a71320461cc8c7a642c870d0fbc3e0ff820ecb47c9744d6f2babf516290af0eafc779a3ecfa88e271ed7f6ce787f2918
- SSDEEP
  
  3072:mav7777777777777777yE7777777777777777777aa3yL:i83S
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence