2cc0e3e2f585797e4828f5100cb65ea8fe5a31479ace39d9d80f6a4caa196f40 | Triage

Sharing

General

Target

73ae7939eeda4791a97e2ec51908ce3f
Size

96KB
Sample

240125-ekmetafga2
MD5

73ae7939eeda4791a97e2ec51908ce3f
SHA1

2a66e85605d3dd2cbe6cd5a47d3a5c550d48762b
SHA256

2cc0e3e2f585797e4828f5100cb65ea8fe5a31479ace39d9d80f6a4caa196f40
SHA512

528ab7a8f3d1a58b4faa9f9e193b9d3e94b4e8c850a4cce7a828662b08cbba0bf00504de83f564a37bc19eb7333828b052e112a556ddec2f848c488a77718c16
SSDEEP

1536:fslEg5229tyVQO8P8ych9Ewjj3RJNEo/knRzdnynE7RldNEP8lijOevNIjnZ5:fME/2elychrzR3Ek65RldqvCnn

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  73ae7939eeda4791a97e2ec51908ce3f
- Size
  
  96KB
- MD5
  
  73ae7939eeda4791a97e2ec51908ce3f
- SHA1
  
  2a66e85605d3dd2cbe6cd5a47d3a5c550d48762b
- SHA256
  
  2cc0e3e2f585797e4828f5100cb65ea8fe5a31479ace39d9d80f6a4caa196f40
- SHA512
  
  528ab7a8f3d1a58b4faa9f9e193b9d3e94b4e8c850a4cce7a828662b08cbba0bf00504de83f564a37bc19eb7333828b052e112a556ddec2f848c488a77718c16
- SSDEEP
  
  1536:fslEg5229tyVQO8P8ych9Ewjj3RJNEo/knRzdnynE7RldNEP8lijOevNIjnZ5:fME/2elychrzR3Ek65RldqvCnn
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence