e016fa5d36397d6da6aafae08dfc84c8225bc691e0cf24ef5cf29a68f297ef20 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e016fa5d36397d6da6aafae08dfc84c8225bc691e0cf24ef5cf29a68f297ef20
Size

244KB
Sample

221207-c1lr4sag8t
MD5

ccdf2354f3999805f9b6f07d544b2bcc
SHA1

212588057a74a1fe3fff988e6f7279f582f9c196
SHA256

e016fa5d36397d6da6aafae08dfc84c8225bc691e0cf24ef5cf29a68f297ef20
SHA512

612c5893bacf2d6941a4ba07351d3b392f68cc8daab2a88f5e6668edd6a2b1310bf58ac5bfaf9857fe44ceb6dfaef8fa554c7ebe7b48f6a970ea66ef73348077
SSDEEP

3072:e7VlhN1mhpnvyMZeet/8LWCyiHCOXfPVG:aSvyMwNWCyiHCh

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e016fa5d36397d6da6aafae08dfc84c8225bc691e0cf24ef5cf29a68f297ef20
- Size
  
  244KB
- MD5
  
  ccdf2354f3999805f9b6f07d544b2bcc
- SHA1
  
  212588057a74a1fe3fff988e6f7279f582f9c196
- SHA256
  
  e016fa5d36397d6da6aafae08dfc84c8225bc691e0cf24ef5cf29a68f297ef20
- SHA512
  
  612c5893bacf2d6941a4ba07351d3b392f68cc8daab2a88f5e6668edd6a2b1310bf58ac5bfaf9857fe44ceb6dfaef8fa554c7ebe7b48f6a970ea66ef73348077
- SSDEEP
  
  3072:e7VlhN1mhpnvyMZeet/8LWCyiHCOXfPVG:aSvyMwNWCyiHCh
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence