6a79ab8f85c673d45ef57bbdd2b7e1c40de8acca36606406ff1e2629913b09d8 | Triage

Sharing

General

Target

6a79ab8f85c673d45ef57bbdd2b7e1c40de8acca36606406ff1e2629913b09d8
Size

68KB
Sample

221002-tcsn7aehej
MD5

6496f8f64fcc551ad5f58c9a99bf5450
SHA1

f5d9684afce44255187d2fc8bdc6184f8e99091f
SHA256

6a79ab8f85c673d45ef57bbdd2b7e1c40de8acca36606406ff1e2629913b09d8
SHA512

27249c05bfccc303da16af32990f671b4a49c3570e3468beb754a90e7e6671da040a1f808b1d51f7890d6c452a0ca028d546984775e62c7292a61f0eee13241a
SSDEEP

768:EcwliTdirc3HAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:DwIxQ6HAcqOK3qowgnt1d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6a79ab8f85c673d45ef57bbdd2b7e1c40de8acca36606406ff1e2629913b09d8
- Size
  
  68KB
- MD5
  
  6496f8f64fcc551ad5f58c9a99bf5450
- SHA1
  
  f5d9684afce44255187d2fc8bdc6184f8e99091f
- SHA256
  
  6a79ab8f85c673d45ef57bbdd2b7e1c40de8acca36606406ff1e2629913b09d8
- SHA512
  
  27249c05bfccc303da16af32990f671b4a49c3570e3468beb754a90e7e6671da040a1f808b1d51f7890d6c452a0ca028d546984775e62c7292a61f0eee13241a
- SSDEEP
  
  768:EcwliTdirc3HAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:DwIxQ6HAcqOK3qowgnt1d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence