e3dc7facef810c9b10dc20b81e8c96a008d13d11a38dafbca1b00d4137fe72ae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e3dc7facef810c9b10dc20b81e8c96a008d13d11a38dafbca1b00d4137fe72ae
Size

104KB
Sample

221205-k8eyjaed72
MD5

a50f03c8b86c7eb2aadb0a4d6e4bc614
SHA1

71158ea58e9d79665a2d66d935797dab39810d40
SHA256

e3dc7facef810c9b10dc20b81e8c96a008d13d11a38dafbca1b00d4137fe72ae
SHA512

bb9087f53e3de729b01e2dc17faf5fe3798bac75682a21b06c38f583224fa4f9a9c8cef319dca77883def855b299f39bbdc6152f8c25897f36a9e5127ed9f39d
SSDEEP

1536:QpLRvx+u+s+HBchhQKNIqpOcQv0sTEFSocloXjLl03F:M5+eiKNZJQv0sTNo3m3F

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e3dc7facef810c9b10dc20b81e8c96a008d13d11a38dafbca1b00d4137fe72ae
- Size
  
  104KB
- MD5
  
  a50f03c8b86c7eb2aadb0a4d6e4bc614
- SHA1
  
  71158ea58e9d79665a2d66d935797dab39810d40
- SHA256
  
  e3dc7facef810c9b10dc20b81e8c96a008d13d11a38dafbca1b00d4137fe72ae
- SHA512
  
  bb9087f53e3de729b01e2dc17faf5fe3798bac75682a21b06c38f583224fa4f9a9c8cef319dca77883def855b299f39bbdc6152f8c25897f36a9e5127ed9f39d
- SSDEEP
  
  1536:QpLRvx+u+s+HBchhQKNIqpOcQv0sTEFSocloXjLl03F:M5+eiKNZJQv0sTNo3m3F
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence