e8946e68ff10e7961f37562004e3564a6a1a007e2a3780bf816c8f24489e2f80 | Triage

Sharing

General

Target

e8946e68ff10e7961f37562004e3564a6a1a007e2a3780bf816c8f24489e2f80
Size

216KB
Sample

221205-2lrggsgf7v
MD5

fae78afa951c5ee1661520e1aa5c1299
SHA1

24ecb36499ad2dcfc2940d37feafa3057b9fc755
SHA256

e8946e68ff10e7961f37562004e3564a6a1a007e2a3780bf816c8f24489e2f80
SHA512

0d7556e9ebcad187c59f744f5805398b7499d4a96945067217b27c654b0f1ca4d45ce4b171eceac2174d45aae79442a257e71f4bf516e99a2bc9420ab6d10f36
SSDEEP

3072:28Tm79SHMdkgJTKMN6K/iAKRNamLFa8cstRfQbE+l:rMKGKMN66iA/Ut2oI

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e8946e68ff10e7961f37562004e3564a6a1a007e2a3780bf816c8f24489e2f80
- Size
  
  216KB
- MD5
  
  fae78afa951c5ee1661520e1aa5c1299
- SHA1
  
  24ecb36499ad2dcfc2940d37feafa3057b9fc755
- SHA256
  
  e8946e68ff10e7961f37562004e3564a6a1a007e2a3780bf816c8f24489e2f80
- SHA512
  
  0d7556e9ebcad187c59f744f5805398b7499d4a96945067217b27c654b0f1ca4d45ce4b171eceac2174d45aae79442a257e71f4bf516e99a2bc9420ab6d10f36
- SSDEEP
  
  3072:28Tm79SHMdkgJTKMN6K/iAKRNamLFa8cstRfQbE+l:rMKGKMN66iA/Ut2oI
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence