e9199078961ae975c799946031172487e5d055ced4a18560c5cf6f459b493bb7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a3e442678d158486d272b771b20e47b
Size

180KB
Sample

231225-gs97ysbedl
MD5

0a3e442678d158486d272b771b20e47b
SHA1

b8905730c36d3f25ce76d77cd3cac32559d47507
SHA256

e9199078961ae975c799946031172487e5d055ced4a18560c5cf6f459b493bb7
SHA512

5a43be7a20ee6228a9960a31e034da3ac596e48a5750e063f6abb8669d6eba40d8bc0fcb2f81e70751c6dfc77be50cc66cf15d2003cdf50ae1b84d86579adfef
SSDEEP

1536:alXZldcxKc8NMgeGU4AeGL0TxpKwmf8y0IpWur+2RPFYSUxBphFBpNy:0pfcSg4dgxkcrhRVUHFB+

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  0a3e442678d158486d272b771b20e47b
- Size
  
  180KB
- MD5
  
  0a3e442678d158486d272b771b20e47b
- SHA1
  
  b8905730c36d3f25ce76d77cd3cac32559d47507
- SHA256
  
  e9199078961ae975c799946031172487e5d055ced4a18560c5cf6f459b493bb7
- SHA512
  
  5a43be7a20ee6228a9960a31e034da3ac596e48a5750e063f6abb8669d6eba40d8bc0fcb2f81e70751c6dfc77be50cc66cf15d2003cdf50ae1b84d86579adfef
- SSDEEP
  
  1536:alXZldcxKc8NMgeGU4AeGL0TxpKwmf8y0IpWur+2RPFYSUxBphFBpNy:0pfcSg4dgxkcrhRVUHFB+
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence