ec5242962e2a9c707c2b384d21a2188587785d3cf393efe6a6fee2158891fe71 | Triage

Sharing

General

Target

ec5242962e2a9c707c2b384d21a2188587785d3cf393efe6a6fee2158891fe71
Size

53KB
Sample

240709-hs8vkatfre
MD5

e5fb0b9a31661d5fc7f811756506cf52
SHA1

abe8882e471bb0a60c2cb046b2cfb073b973c036
SHA256

ec5242962e2a9c707c2b384d21a2188587785d3cf393efe6a6fee2158891fe71
SHA512

56f1252a010af81c8de7d9d73ce4f16fae5211a68505c5df702accc7af2e0a8e61f0c4cbd2c7889bf04891f7ecb006a354657403d65c1f31adcf8b31f48b6fb8
SSDEEP

1536:vNBg8r8Q/QmxT7Kp3StjEMjmLM3ztDJWZsXy4JzxPMk:zQmZJJjmLM3zRJWZsXy4JN

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  ec5242962e2a9c707c2b384d21a2188587785d3cf393efe6a6fee2158891fe71
- Size
  
  53KB
- MD5
  
  e5fb0b9a31661d5fc7f811756506cf52
- SHA1
  
  abe8882e471bb0a60c2cb046b2cfb073b973c036
- SHA256
  
  ec5242962e2a9c707c2b384d21a2188587785d3cf393efe6a6fee2158891fe71
- SHA512
  
  56f1252a010af81c8de7d9d73ce4f16fae5211a68505c5df702accc7af2e0a8e61f0c4cbd2c7889bf04891f7ecb006a354657403d65c1f31adcf8b31f48b6fb8
- SSDEEP
  
  1536:vNBg8r8Q/QmxT7Kp3StjEMjmLM3ztDJWZsXy4JzxPMk:zQmZJJjmLM3zRJWZsXy4JN
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence