e1250b2b001dc3cab36f33f366e209fafc0b537c282f533ffe9eba77c6b92e24 | Triage

Sharing

General

Target

e1250b2b001dc3cab36f33f366e209fafc0b537c282f533ffe9eba77c6b92e24
Size

312KB
Sample

221205-xh7xvafc67
MD5

d46c41e9602ee77490da200eda4eef8c
SHA1

5e4b603ef4c7b8a72fdbbb95593e8afd96fc89f4
SHA256

e1250b2b001dc3cab36f33f366e209fafc0b537c282f533ffe9eba77c6b92e24
SHA512

defaadf5665d01cb37b835d4cd933eae6ea7d4598ebce0cbb62c5be0a7dd1940be10523966c83dc57d5056e8c72f9a992edb1c29a7277fc51236854da5b406fb
SSDEEP

6144:Uw72vTlIpr1f+XqO5aOmSGFDbeOjLPmUMFG3:3uTlIB1f+55SpNPmUMFy

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e1250b2b001dc3cab36f33f366e209fafc0b537c282f533ffe9eba77c6b92e24
- Size
  
  312KB
- MD5
  
  d46c41e9602ee77490da200eda4eef8c
- SHA1
  
  5e4b603ef4c7b8a72fdbbb95593e8afd96fc89f4
- SHA256
  
  e1250b2b001dc3cab36f33f366e209fafc0b537c282f533ffe9eba77c6b92e24
- SHA512
  
  defaadf5665d01cb37b835d4cd933eae6ea7d4598ebce0cbb62c5be0a7dd1940be10523966c83dc57d5056e8c72f9a992edb1c29a7277fc51236854da5b406fb
- SSDEEP
  
  6144:Uw72vTlIpr1f+XqO5aOmSGFDbeOjLPmUMFG3:3uTlIB1f+55SpNPmUMFy
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence