2eb8ab839de10b015435eb090b2f34396efa412c932786bac9e16d75ff284cb9 | Triage

Sharing

General

Target

2eb8ab839de10b015435eb090b2f34396efa412c932786bac9e16d75ff284cb9
Size

124KB
Sample

240503-yt61cseb9v
MD5

dbb5baf83a4268fd6263222530f76510
SHA1

f48065f6eaf68d7995545d63ac97f0811f758d21
SHA256

2eb8ab839de10b015435eb090b2f34396efa412c932786bac9e16d75ff284cb9
SHA512

41339808c797e080787a696fd2ca431bf188f86af155c5c186ece539e90ffe2b465a8739ae3704e7c0872d70f205272e67ba8c3f7c8e46d62f3e3c2cfe611be4
SSDEEP

1536:FJszA5YShRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:nGCYShkFoN3Oo1+FvfSW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  2eb8ab839de10b015435eb090b2f34396efa412c932786bac9e16d75ff284cb9
- Size
  
  124KB
- MD5
  
  dbb5baf83a4268fd6263222530f76510
- SHA1
  
  f48065f6eaf68d7995545d63ac97f0811f758d21
- SHA256
  
  2eb8ab839de10b015435eb090b2f34396efa412c932786bac9e16d75ff284cb9
- SHA512
  
  41339808c797e080787a696fd2ca431bf188f86af155c5c186ece539e90ffe2b465a8739ae3704e7c0872d70f205272e67ba8c3f7c8e46d62f3e3c2cfe611be4
- SSDEEP
  
  1536:FJszA5YShRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:nGCYShkFoN3Oo1+FvfSW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence