754aedba1d2785939c15f236de4434da1831158761bd5587ffbba941efa65192 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

754aedba1d2785939c15f236de4434da1831158761bd5587ffbba941efa65192
Size

116KB
Sample

221205-mtme6sfe71
MD5

f27a435881bd6883b0fdf66220a1dd11
SHA1

ff98ef441684f8c678e419a664a0042b9bbb710c
SHA256

754aedba1d2785939c15f236de4434da1831158761bd5587ffbba941efa65192
SHA512

ceac928349ca8923cb8a61787c463a506027b778537b3afb448380fcd4d9ae840d09e7fd20dedf5b8adfef34bedaf6ca0f591c6ac4469c3cdabfbaedd010352e
SSDEEP

1536:VmQ8pm9DBeZUBFTgVjtXZTto1e9uCLBCPr8/NL44PerV9I8kIi/6h:obp4eZU7TgdTq1drxh

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  754aedba1d2785939c15f236de4434da1831158761bd5587ffbba941efa65192
- Size
  
  116KB
- MD5
  
  f27a435881bd6883b0fdf66220a1dd11
- SHA1
  
  ff98ef441684f8c678e419a664a0042b9bbb710c
- SHA256
  
  754aedba1d2785939c15f236de4434da1831158761bd5587ffbba941efa65192
- SHA512
  
  ceac928349ca8923cb8a61787c463a506027b778537b3afb448380fcd4d9ae840d09e7fd20dedf5b8adfef34bedaf6ca0f591c6ac4469c3cdabfbaedd010352e
- SSDEEP
  
  1536:VmQ8pm9DBeZUBFTgVjtXZTto1e9uCLBCPr8/NL44PerV9I8kIi/6h:obp4eZU7TgdTq1drxh
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence