efe8b054f6678e8ea0ab27f693793d5c5dd7da1deb3f8d3c20100c9eb9fc548a | Triage

Sharing

General

Target

efe8b054f6678e8ea0ab27f693793d5c5dd7da1deb3f8d3c20100c9eb9fc548a
Size

212KB
Sample

221207-dpv23sda8x
MD5

fa4480b22b22f1ff08e4b72c88221479
SHA1

cffa6f193a9c84204e62463c76058a6f656901de
SHA256

efe8b054f6678e8ea0ab27f693793d5c5dd7da1deb3f8d3c20100c9eb9fc548a
SHA512

f7213c4a73ce802e14243f33bd9969c626680da0635b554c6be2eaab809bb2b853645c81d88054cfec2f6498ed2a8fd5f1ffe26c616c65f9a9b3a197d031fc10
SSDEEP

6144:ep4V3IrqJQNbufrI4ukDnx/8vtvwzsmMAEu3Wev5kBirl87VFt6En9x7Xf7oufa/:ep4CmGbMrI4ukDnx/8vtvwzsmMAEGHvT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  efe8b054f6678e8ea0ab27f693793d5c5dd7da1deb3f8d3c20100c9eb9fc548a
- Size
  
  212KB
- MD5
  
  fa4480b22b22f1ff08e4b72c88221479
- SHA1
  
  cffa6f193a9c84204e62463c76058a6f656901de
- SHA256
  
  efe8b054f6678e8ea0ab27f693793d5c5dd7da1deb3f8d3c20100c9eb9fc548a
- SHA512
  
  f7213c4a73ce802e14243f33bd9969c626680da0635b554c6be2eaab809bb2b853645c81d88054cfec2f6498ed2a8fd5f1ffe26c616c65f9a9b3a197d031fc10
- SSDEEP
  
  6144:ep4V3IrqJQNbufrI4ukDnx/8vtvwzsmMAEu3Wev5kBirl87VFt6En9x7Xf7oufa/:ep4CmGbMrI4ukDnx/8vtvwzsmMAEGHvT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence