8edd5d0d38e1cbea27a8a68e48096d6bc016fe196b64b06e11038a1924055251 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8edd5d0d38e1cbea27a8a68e48096d6bc016fe196b64b06e11038a1924055251
Size

180KB
Sample

221205-mjf6eaef4y
MD5

18acc7161d2e8570172cd4afed90d993
SHA1

1f04a241faedcbcd5485edfdf50cb3586ce2d7e8
SHA256

8edd5d0d38e1cbea27a8a68e48096d6bc016fe196b64b06e11038a1924055251
SHA512

bfb9ccb059504db60941bbac3720db627b4a121dffdf89415ed5dc7f848d768da8f39ca97808294f675a018242ad80475a477dc06879f6ce946adfd34239af8c
SSDEEP

3072:Miu7ehhNrWlAIJqPYNbihKovbAM4VkRvjCKuz3EwBT3edZlSL6aOuTOunpE7bVG/:M5uhNrWlAIJqPYNbihRzrNvjITEeedZo

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  8edd5d0d38e1cbea27a8a68e48096d6bc016fe196b64b06e11038a1924055251
- Size
  
  180KB
- MD5
  
  18acc7161d2e8570172cd4afed90d993
- SHA1
  
  1f04a241faedcbcd5485edfdf50cb3586ce2d7e8
- SHA256
  
  8edd5d0d38e1cbea27a8a68e48096d6bc016fe196b64b06e11038a1924055251
- SHA512
  
  bfb9ccb059504db60941bbac3720db627b4a121dffdf89415ed5dc7f848d768da8f39ca97808294f675a018242ad80475a477dc06879f6ce946adfd34239af8c
- SSDEEP
  
  3072:Miu7ehhNrWlAIJqPYNbihKovbAM4VkRvjCKuz3EwBT3edZlSL6aOuTOunpE7bVG/:M5uhNrWlAIJqPYNbihRzrNvjITEeedZo
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence