e5c8624e291d8f21652c406df8d798e655be665e58667859ee639c7438fe0d23 | Triage

Sharing

General

Target

e5c8624e291d8f21652c406df8d798e655be665e58667859ee639c7438fe0d23
Size

204KB
Sample

221205-3nljpabg6s
MD5

ff36348eeb606376abceb8237bd13f13
SHA1

2c76730320e5ac7555d0e9e5d7da241b1cfbefa0
SHA256

e5c8624e291d8f21652c406df8d798e655be665e58667859ee639c7438fe0d23
SHA512

d7724b4fe5807e795c43051fe97535d48c35b6a601beecb800696adb5dfe674fed5feac7ca731974e9b1b78a2b59be57284e30d615e79b5a0be9cfca35ddd04a
SSDEEP

6144:wRMJtxNngeO+cwjfTfGHN1RWrOy9uJV10BK+baPe3ObUrlBXvgd7Vc7IX:wRONngeO+cwjfTfGHN1Ax9uJV10BK+bq

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e5c8624e291d8f21652c406df8d798e655be665e58667859ee639c7438fe0d23
- Size
  
  204KB
- MD5
  
  ff36348eeb606376abceb8237bd13f13
- SHA1
  
  2c76730320e5ac7555d0e9e5d7da241b1cfbefa0
- SHA256
  
  e5c8624e291d8f21652c406df8d798e655be665e58667859ee639c7438fe0d23
- SHA512
  
  d7724b4fe5807e795c43051fe97535d48c35b6a601beecb800696adb5dfe674fed5feac7ca731974e9b1b78a2b59be57284e30d615e79b5a0be9cfca35ddd04a
- SSDEEP
  
  6144:wRMJtxNngeO+cwjfTfGHN1RWrOy9uJV10BK+baPe3ObUrlBXvgd7Vc7IX:wRONngeO+cwjfTfGHN1Ax9uJV10BK+bq
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence