e9ebe13cea92a8a3381f85054f5fd810aa6ab0d84c83980fed3223c28e55c8b2 | Triage

Sharing

General

Target

21b9216f2dabdaff519fa756d4ab9e1c
Size

252KB
Sample

231231-ast3eaehcm
MD5

21b9216f2dabdaff519fa756d4ab9e1c
SHA1

df33bb5ef6c10e6abc65b3d652021936e67c915c
SHA256

e9ebe13cea92a8a3381f85054f5fd810aa6ab0d84c83980fed3223c28e55c8b2
SHA512

8096616c2872d59c2e09a3c861c2160d766c9995ad1d24975b0b4100604d34e6170c03e491bca674da0f2422cfd354ffda137045e763fd6114a4d8356578bb49
SSDEEP

1536:DXIwL0xzslRbgE3vo97thU0CNY+cdoFlVxEz/c2JYO8VUmnbfzFHfz8sFBpYWC/M:rl0xkgYg9bVtgfzFHfzb51QRPr8GDiK

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  21b9216f2dabdaff519fa756d4ab9e1c
- Size
  
  252KB
- MD5
  
  21b9216f2dabdaff519fa756d4ab9e1c
- SHA1
  
  df33bb5ef6c10e6abc65b3d652021936e67c915c
- SHA256
  
  e9ebe13cea92a8a3381f85054f5fd810aa6ab0d84c83980fed3223c28e55c8b2
- SHA512
  
  8096616c2872d59c2e09a3c861c2160d766c9995ad1d24975b0b4100604d34e6170c03e491bca674da0f2422cfd354ffda137045e763fd6114a4d8356578bb49
- SSDEEP
  
  1536:DXIwL0xzslRbgE3vo97thU0CNY+cdoFlVxEz/c2JYO8VUmnbfzFHfz8sFBpYWC/M:rl0xkgYg9bVtgfzFHfzb51QRPr8GDiK
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence