e3be3c5668f090428ef58f262dc5e2beffbb7ed264079ab9966079b88c071b04 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e3be3c5668f090428ef58f262dc5e2beffbb7ed264079ab9966079b88c071b04
Size

164KB
Sample

221205-l34v5shd64
MD5

141635b9bc9419e00033aa74eb842500
SHA1

cb8eba7d1cc8400dc997dfc8dddcd0a811a87534
SHA256

e3be3c5668f090428ef58f262dc5e2beffbb7ed264079ab9966079b88c071b04
SHA512

5d7e5e697f3675b6a516784273801ed90ad4f0cd35192eac05679d3cc0acb7da1da4b8b1f66b8a831b69e10fd058c053d9c9530dd60654ce66f8a30edabf52e2
SSDEEP

3072:zWsi+Is7ZLsNgqS3oyJBYiVjEsDoZwGd1:ytgZLsNgb3oyJBYiVjOZp

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e3be3c5668f090428ef58f262dc5e2beffbb7ed264079ab9966079b88c071b04
- Size
  
  164KB
- MD5
  
  141635b9bc9419e00033aa74eb842500
- SHA1
  
  cb8eba7d1cc8400dc997dfc8dddcd0a811a87534
- SHA256
  
  e3be3c5668f090428ef58f262dc5e2beffbb7ed264079ab9966079b88c071b04
- SHA512
  
  5d7e5e697f3675b6a516784273801ed90ad4f0cd35192eac05679d3cc0acb7da1da4b8b1f66b8a831b69e10fd058c053d9c9530dd60654ce66f8a30edabf52e2
- SSDEEP
  
  3072:zWsi+Is7ZLsNgqS3oyJBYiVjEsDoZwGd1:ytgZLsNgb3oyJBYiVjOZp
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence