aeb47eba92677e45dfb9606ceb4a27ceaab2e47dd20224a22f56beb0ca6e22e0 | Triage

Sharing

General

Target

c82a2781bf15bb0309caf3e205bad74a
Size

156KB
Sample

240314-kee2faeh8y
MD5

c82a2781bf15bb0309caf3e205bad74a
SHA1

c0252b662bb6d4251918b33105bb43546e5fc88d
SHA256

aeb47eba92677e45dfb9606ceb4a27ceaab2e47dd20224a22f56beb0ca6e22e0
SHA512

4ef8f3c90a0e5bde81ddf3d911549bc2ec2170ca92783f9f6abf368d9d37954d4564f35f3074fb4dce48b89f2a222f0e358b65093da940e07a14ca80b444158a
SSDEEP

3072:oBd1rE2MtU7Qv0w4ZRRQMMDwtIMCeFP4ANQ4oQZiE+0D:6dBE2R7Qvb4tQTaCeFP4AqWx

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  c82a2781bf15bb0309caf3e205bad74a
- Size
  
  156KB
- MD5
  
  c82a2781bf15bb0309caf3e205bad74a
- SHA1
  
  c0252b662bb6d4251918b33105bb43546e5fc88d
- SHA256
  
  aeb47eba92677e45dfb9606ceb4a27ceaab2e47dd20224a22f56beb0ca6e22e0
- SHA512
  
  4ef8f3c90a0e5bde81ddf3d911549bc2ec2170ca92783f9f6abf368d9d37954d4564f35f3074fb4dce48b89f2a222f0e358b65093da940e07a14ca80b444158a
- SSDEEP
  
  3072:oBd1rE2MtU7Qv0w4ZRRQMMDwtIMCeFP4ANQ4oQZiE+0D:6dBE2R7Qvb4tQTaCeFP4AqWx
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence