6e144fb59c70459b9ba8ddc5866d79d40ba8c934784ed8171c1069f244106a69 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6e144fb59c70459b9ba8ddc5866d79d40ba8c934784ed8171c1069f244106a69
Size

124KB
Sample

220919-a9rnlshdh9
MD5

16d6dc417f1afbd6e3f6e914e0ee5a77
SHA1

911f3ada960722c9a0bb1ba3a96166e274cb109a
SHA256

6e144fb59c70459b9ba8ddc5866d79d40ba8c934784ed8171c1069f244106a69
SHA512

35cac26d5e39b877b59891d82a228e8fbdac0ec47e41b0876937a697aee6b4bfbb344e0fa21b3f866f63e95cb0460cb253a56e39dbd21d3423418b4a194ccade
SSDEEP

1536:m7EthwR+uBxeDtMYHa27J14ltxporZ45izNeG0h/x:sEthwR+keV6gJ1uCt45Jp

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6e144fb59c70459b9ba8ddc5866d79d40ba8c934784ed8171c1069f244106a69
- Size
  
  124KB
- MD5
  
  16d6dc417f1afbd6e3f6e914e0ee5a77
- SHA1
  
  911f3ada960722c9a0bb1ba3a96166e274cb109a
- SHA256
  
  6e144fb59c70459b9ba8ddc5866d79d40ba8c934784ed8171c1069f244106a69
- SHA512
  
  35cac26d5e39b877b59891d82a228e8fbdac0ec47e41b0876937a697aee6b4bfbb344e0fa21b3f866f63e95cb0460cb253a56e39dbd21d3423418b4a194ccade
- SSDEEP
  
  1536:m7EthwR+uBxeDtMYHa27J14ltxporZ45izNeG0h/x:sEthwR+keV6gJ1uCt45Jp
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence