44a3de7a127eb36b40a74a0060878511552e2c1cf1895fa1c3c94e2b97700e2f | Triage

Sharing

General

Target

e15cfa0ebee2434ea5754b8792e99fed
Size

457KB
Sample

240327-ln94lsce7w
MD5

e15cfa0ebee2434ea5754b8792e99fed
SHA1

5c266f0cc99ced529a6f45a75cf4028d3b129ef1
SHA256

44a3de7a127eb36b40a74a0060878511552e2c1cf1895fa1c3c94e2b97700e2f
SHA512

2274f30ea04d57a8c119ffa8cc6550bad318936b4ee3c079cd08f48d321b55460810115f77304705fdf38334a1f9f3e80197ade106b9b3fbe70bcb65ce774144
SSDEEP

12288:8ruv4bsMW39A6Mir4Zhp9TOZ7OoKkBfTqXheBZdo3Q:v4v6A7ZhIV2XheHO

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  e15cfa0ebee2434ea5754b8792e99fed
- Size
  
  457KB
- MD5
  
  e15cfa0ebee2434ea5754b8792e99fed
- SHA1
  
  5c266f0cc99ced529a6f45a75cf4028d3b129ef1
- SHA256
  
  44a3de7a127eb36b40a74a0060878511552e2c1cf1895fa1c3c94e2b97700e2f
- SHA512
  
  2274f30ea04d57a8c119ffa8cc6550bad318936b4ee3c079cd08f48d321b55460810115f77304705fdf38334a1f9f3e80197ade106b9b3fbe70bcb65ce774144
- SSDEEP
  
  12288:8ruv4bsMW39A6Mir4Zhp9TOZ7OoKkBfTqXheBZdo3Q:v4v6A7ZhIV2XheHO
Score

8^/10

evasion persistence
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence