e13929a8306cfe9704651126e7163d476673787987dc289063bd292f568e7a12 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e13929a8306cfe9704651126e7163d476673787987dc289063bd292f568e7a12
Size

120KB
Sample

221206-tbgwasbg63
MD5

1ea32e2476b8b3fc01981ccef6fdb0a4
SHA1

ac1903b6fcd1835ee7895054293b78e60f3430ef
SHA256

e13929a8306cfe9704651126e7163d476673787987dc289063bd292f568e7a12
SHA512

c3997169a4abe120aa1ade331c4362d2137f6c8aa0667ec049572d63d0ae3acccac5de291098822db57b7a2d49d72a8094b4a4101ad23fa6def6c71fc8159c36
SSDEEP

1536:6TvMEYA06ONWttA+M0KuPe+cq2+VbM5dtO2XhXTOkIHzEHPjzVddnSlv3g:6bh2eA+Mp+P2Rs2R0HgHPjztSO

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e13929a8306cfe9704651126e7163d476673787987dc289063bd292f568e7a12
- Size
  
  120KB
- MD5
  
  1ea32e2476b8b3fc01981ccef6fdb0a4
- SHA1
  
  ac1903b6fcd1835ee7895054293b78e60f3430ef
- SHA256
  
  e13929a8306cfe9704651126e7163d476673787987dc289063bd292f568e7a12
- SHA512
  
  c3997169a4abe120aa1ade331c4362d2137f6c8aa0667ec049572d63d0ae3acccac5de291098822db57b7a2d49d72a8094b4a4101ad23fa6def6c71fc8159c36
- SSDEEP
  
  1536:6TvMEYA06ONWttA+M0KuPe+cq2+VbM5dtO2XhXTOkIHzEHPjzVddnSlv3g:6bh2eA+Mp+P2Rs2R0HgHPjztSO
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence