e786564c37ffe1ca91fa52c8a66d3b4a5c8922005d129552bde37bbf1394ab5c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e786564c37ffe1ca91fa52c8a66d3b4a5c8922005d129552bde37bbf1394ab5c
Size

296KB
Sample

221205-3lkjlsgg92
MD5

75f35419a881f1a934be032010a5263d
SHA1

baedf8cbd26cdb72df6ca9b397e06817908d0bfb
SHA256

e786564c37ffe1ca91fa52c8a66d3b4a5c8922005d129552bde37bbf1394ab5c
SHA512

de76c98526804e614ef7a80a1b6f0704d8b6059b4bf3290744393dcd7836e0d11acf3f037ead8689d2686cbba85f3f305a2f83d41a648aaf5e760c7350c74283
SSDEEP

6144:KV5tjO1V0uKnvmb7/D26CVrBROjD8R4F0jI+UNc5ynagM/eSpbN1AyllZI4DS7Y8:KntjO1V0uKnvmb7/D26lD8R4F0jI+UNM

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e786564c37ffe1ca91fa52c8a66d3b4a5c8922005d129552bde37bbf1394ab5c
- Size
  
  296KB
- MD5
  
  75f35419a881f1a934be032010a5263d
- SHA1
  
  baedf8cbd26cdb72df6ca9b397e06817908d0bfb
- SHA256
  
  e786564c37ffe1ca91fa52c8a66d3b4a5c8922005d129552bde37bbf1394ab5c
- SHA512
  
  de76c98526804e614ef7a80a1b6f0704d8b6059b4bf3290744393dcd7836e0d11acf3f037ead8689d2686cbba85f3f305a2f83d41a648aaf5e760c7350c74283
- SSDEEP
  
  6144:KV5tjO1V0uKnvmb7/D26CVrBROjD8R4F0jI+UNc5ynagM/eSpbN1AyllZI4DS7Y8:KntjO1V0uKnvmb7/D26lD8R4F0jI+UNM
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence