a6963bb5ae9f8bd47ad12e371ddd633ca7dd7bdbe8d9d9ca09fd6f20f2442291

General
Target

a6963bb5ae9f8bd47ad12e371ddd633ca7dd7bdbe8d9d9ca09fd6f20f2442291

Size

1MB

Sample

220503-xw6a6sdbbk

Score
8/10
MD5

ce91f8d31da74fe243e6404a8866b2c1

SHA1

3929bb670d830dc1b990a338483d9fb389e63308

SHA256

a6963bb5ae9f8bd47ad12e371ddd633ca7dd7bdbe8d9d9ca09fd6f20f2442291

SHA512

d0525dfcd869d2dc12045cafb31872c8b9c585ed85de002eb5027f28a7e59150bfd408134fcf947b0858b819c64148b760ca5efee4f61580ac7ef493a224391b

Malware Config
Targets
Target

a6963bb5ae9f8bd47ad12e371ddd633ca7dd7bdbe8d9d9ca09fd6f20f2442291

Signatures

  • Modifies Windows Firewall

    TTPs

    Modify Existing Service
  • Possible privilege escalation attempt
  • Stops running service(s)

    TTPs

    Modify Existing Service, Service Stop
  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query Registry, System Information Discovery
  • Modifies file permissions

    TTPs

    File Permissions Modification

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation

Tasks

  • static1
  • behavioral1: 8/10
  • behavioral2: 8/10