ee219c8eb0cba96c17beb6fe6e891fef94f3c1adbcea018d33f78a66d0fd9f95 | Triage

Sharing

General

Target

ee219c8eb0cba96c17beb6fe6e891fef94f3c1adbcea018d33f78a66d0fd9f95
Size

228KB
Sample

240503-fmgssahg65
MD5

ac9f41d30f06d576b8b7804887b2de4d
SHA1

afdc708ab9422eb0489ea45380a59a066409a088
SHA256

ee219c8eb0cba96c17beb6fe6e891fef94f3c1adbcea018d33f78a66d0fd9f95
SHA512

a125dbb69d6f7d5a6a134fc96b5b44bac8a1a95d6ac65addb9cec6bd4b1c318e0b4959ca46e746f431e1b0935c25f2d4d2e2188ad96635d797bbc544117875f7
SSDEEP

6144:D5GDh4jLt4NVcWgyGELwXiS8T+bbhn7aRjS5ZgBb0:1GWntWyD1LiS8lS5ZI

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ee219c8eb0cba96c17beb6fe6e891fef94f3c1adbcea018d33f78a66d0fd9f95
- Size
  
  228KB
- MD5
  
  ac9f41d30f06d576b8b7804887b2de4d
- SHA1
  
  afdc708ab9422eb0489ea45380a59a066409a088
- SHA256
  
  ee219c8eb0cba96c17beb6fe6e891fef94f3c1adbcea018d33f78a66d0fd9f95
- SHA512
  
  a125dbb69d6f7d5a6a134fc96b5b44bac8a1a95d6ac65addb9cec6bd4b1c318e0b4959ca46e746f431e1b0935c25f2d4d2e2188ad96635d797bbc544117875f7
- SSDEEP
  
  6144:D5GDh4jLt4NVcWgyGELwXiS8T+bbhn7aRjS5ZgBb0:1GWntWyD1LiS8lS5ZI
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence