ee404c58b82fa9c51a0744a9234dfd070aaae14c62a3306cf7f50ab7c8d06b8e | Triage

Sharing

General

Target

14ed84d8ae29095fc5f4e836c97f4f81
Size

376KB
Sample

231219-nnbxxsccal
MD5

14ed84d8ae29095fc5f4e836c97f4f81
SHA1

5f8a9b1e466adc54ddc5751d4c55a51ffd894953
SHA256

ee404c58b82fa9c51a0744a9234dfd070aaae14c62a3306cf7f50ab7c8d06b8e
SHA512

5af2afb516636d27bf990f6876b5ab46419f2117225503b80d4436ec981db6255fdd40de76402bc44a4c0bea9a2f6e4233e48f7b31edc46334c2f778f0af2148
SSDEEP

3072:EUbVmk0tQ9nLHbB9WHCS0AgTlhsp3mWVC:2k4QxL7B9WHK9Jhsp3G

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  14ed84d8ae29095fc5f4e836c97f4f81
- Size
  
  376KB
- MD5
  
  14ed84d8ae29095fc5f4e836c97f4f81
- SHA1
  
  5f8a9b1e466adc54ddc5751d4c55a51ffd894953
- SHA256
  
  ee404c58b82fa9c51a0744a9234dfd070aaae14c62a3306cf7f50ab7c8d06b8e
- SHA512
  
  5af2afb516636d27bf990f6876b5ab46419f2117225503b80d4436ec981db6255fdd40de76402bc44a4c0bea9a2f6e4233e48f7b31edc46334c2f778f0af2148
- SSDEEP
  
  3072:EUbVmk0tQ9nLHbB9WHCS0AgTlhsp3mWVC:2k4QxL7B9WHK9Jhsp3G
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence