ae5cabd9e8c10af2054adb00ca3af8aec5e9d6baa8a3dff1048b270671a0ae4a | Triage

Sharing

General

Target

ae5cabd9e8c10af2054adb00ca3af8aec5e9d6baa8a3dff1048b270671a0ae4a
Size

53KB
Sample

240517-c794aadf9v
MD5

45c5c3b37c7daa38c507bf711d078879
SHA1

11a8546bf3179e9e92c70cb1e91cdc7440552473
SHA256

ae5cabd9e8c10af2054adb00ca3af8aec5e9d6baa8a3dff1048b270671a0ae4a
SHA512

a769f322394989207be9cc2ac46f92d5e074d99881dac656c97014ecaa2ba8fb0276b0f585111e04826588f1df73768a4b0cd172e4a6f154e6cfdcbd6fc82e18
SSDEEP

1536:vN6g8r8Q4piW7Kp3StjEMjmLM3ztDJWZsXy4JzxPMU:xpiWJJjmLM3zRJWZsXy4Jd

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ae5cabd9e8c10af2054adb00ca3af8aec5e9d6baa8a3dff1048b270671a0ae4a
- Size
  
  53KB
- MD5
  
  45c5c3b37c7daa38c507bf711d078879
- SHA1
  
  11a8546bf3179e9e92c70cb1e91cdc7440552473
- SHA256
  
  ae5cabd9e8c10af2054adb00ca3af8aec5e9d6baa8a3dff1048b270671a0ae4a
- SHA512
  
  a769f322394989207be9cc2ac46f92d5e074d99881dac656c97014ecaa2ba8fb0276b0f585111e04826588f1df73768a4b0cd172e4a6f154e6cfdcbd6fc82e18
- SSDEEP
  
  1536:vN6g8r8Q4piW7Kp3StjEMjmLM3ztDJWZsXy4JzxPMU:xpiWJJjmLM3zRJWZsXy4Jd
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence