ed6666195414a4a65520dfb8bac53a58e41159b21809a444267d319c7e8b4ed4 | Triage

Submit
Reports

Overview

overview

Static

static

ed66661954...d4.exe

windows7-x64

ed66661954...d4.exe

windows10-2004-x64

Sharing

General

Target

ed6666195414a4a65520dfb8bac53a58e41159b21809a444267d319c7e8b4ed4
Size

344KB
Sample

221205-3s2fpshd37
MD5

26b45da5cd70b94a27d4622cc1a9644d
SHA1

ba825a3a63693ef98086add9d0d38c3341b154d6
SHA256

ed6666195414a4a65520dfb8bac53a58e41159b21809a444267d319c7e8b4ed4
SHA512

5fa7904c684cc008fd474cf6e3a050f67abf0cab3e7b82c8cb3c8387a027b95f5cace0ecf8bcf4b2e2b7ee2be7504db6c8494ff49517606e0f202dab34ef5229
SSDEEP

6144:TvDoi6eqaPzJwCT0znucerL3tjRs2Ufg/4t/S2rBTATZUEUxDuus5As01uudY+o8:zoaPfjRsQ6S2NdX5oeCs

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

ed6666195414a4a65520dfb8bac53a58e41159b21809a444267d319c7e8b4ed4.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ed6666195414a4a65520dfb8bac53a58e41159b21809a444267d319c7e8b4ed4.exe

Resource

win10v2004-20220812-en

evasion persistence

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  ed6666195414a4a65520dfb8bac53a58e41159b21809a444267d319c7e8b4ed4
- Size
  
  344KB
- MD5
  
  26b45da5cd70b94a27d4622cc1a9644d
- SHA1
  
  ba825a3a63693ef98086add9d0d38c3341b154d6
- SHA256
  
  ed6666195414a4a65520dfb8bac53a58e41159b21809a444267d319c7e8b4ed4
- SHA512
  
  5fa7904c684cc008fd474cf6e3a050f67abf0cab3e7b82c8cb3c8387a027b95f5cace0ecf8bcf4b2e2b7ee2be7504db6c8494ff49517606e0f202dab34ef5229
- SSDEEP
  
  6144:TvDoi6eqaPzJwCT0znucerL3tjRs2Ufg/4t/S2rBTATZUEUxDuus5As01uudY+o8:zoaPfjRsQ6S2NdX5oeCs
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.