e37fecafa7ef6cf03a0c28eb79652349194c31befe2b0b3a9cf6f1da9991ae16 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e37fecafa7ef6cf03a0c28eb79652349194c31befe2b0b3a9cf6f1da9991ae16
Size

148KB
Sample

221205-3bd9vaga92
MD5

c5ad9a72d77978b39342be942e918c8d
SHA1

cc691c37c0b4ddccd6469bb124111a8bc87a8a34
SHA256

e37fecafa7ef6cf03a0c28eb79652349194c31befe2b0b3a9cf6f1da9991ae16
SHA512

e66f1161419b5f2ee253d564f484da3b3e2fb263cbc7eb7dd6e126701e0b0a556f765872bfbe0f9d2894f6629537181aa5582527461f23d9a9dfc2fde4e0feee
SSDEEP

3072:/iFgQh4mRpDGq7At/yRWr2wA36nbMUq8hFOdhIk4oQZiEko:KFrh96F90Wf7nJPwdzWB

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e37fecafa7ef6cf03a0c28eb79652349194c31befe2b0b3a9cf6f1da9991ae16
- Size
  
  148KB
- MD5
  
  c5ad9a72d77978b39342be942e918c8d
- SHA1
  
  cc691c37c0b4ddccd6469bb124111a8bc87a8a34
- SHA256
  
  e37fecafa7ef6cf03a0c28eb79652349194c31befe2b0b3a9cf6f1da9991ae16
- SHA512
  
  e66f1161419b5f2ee253d564f484da3b3e2fb263cbc7eb7dd6e126701e0b0a556f765872bfbe0f9d2894f6629537181aa5582527461f23d9a9dfc2fde4e0feee
- SSDEEP
  
  3072:/iFgQh4mRpDGq7At/yRWr2wA36nbMUq8hFOdhIk4oQZiEko:KFrh96F90Wf7nJPwdzWB
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence