e4032ea64471d2fa4d66dbc058f043e27960cc0d4d82659177bba78fd2281e97 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e4032ea64471d2fa4d66dbc058f043e27960cc0d4d82659177bba78fd2281e97
Size

55KB
Sample

221206-wyltwaef8y
MD5

616cfb9dacb934951c96a88a67876406
SHA1

d13831c0cfa6589072435b4d98186a7f97881521
SHA256

e4032ea64471d2fa4d66dbc058f043e27960cc0d4d82659177bba78fd2281e97
SHA512

e5031d0a25e242a9df2745342bdc91362cb9d5853fbbe2e1279a53c9399cddf67875935dbeb919cc8056eb9a754d927d8654c1727f87100825c3c1bbde901261
SSDEEP

1536:V3cpyORJLuB4P4AJJv4Romu/xtKGR8QzG852ncgV:V3c1fP4AJJv45GfbG8kP

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  e4032ea64471d2fa4d66dbc058f043e27960cc0d4d82659177bba78fd2281e97
- Size
  
  55KB
- MD5
  
  616cfb9dacb934951c96a88a67876406
- SHA1
  
  d13831c0cfa6589072435b4d98186a7f97881521
- SHA256
  
  e4032ea64471d2fa4d66dbc058f043e27960cc0d4d82659177bba78fd2281e97
- SHA512
  
  e5031d0a25e242a9df2745342bdc91362cb9d5853fbbe2e1279a53c9399cddf67875935dbeb919cc8056eb9a754d927d8654c1727f87100825c3c1bbde901261
- SSDEEP
  
  1536:V3cpyORJLuB4P4AJJv4Romu/xtKGR8QzG852ncgV:V3c1fP4AJJv45GfbG8kP
Score

10^/10

evasion
- Modifies visibility of file extensions in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2