6b1c1664c87932eab30677598fddd62b3f850c8c30754c17cd1e820a86777e9f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6b1c1664c87932eab30677598fddd62b3f850c8c30754c17cd1e820a86777e9f
Size

224KB
Sample

221003-dnw8radeg4
MD5

699f8489534e8d2dd62d6d7379bee5ae
SHA1

ba8d66d7e7eb146e37d3bb1ea22c913e74038799
SHA256

6b1c1664c87932eab30677598fddd62b3f850c8c30754c17cd1e820a86777e9f
SHA512

e2e84223ad7b3bbc2a07869d31d5c73a2e6f8df14b85b8efe462827c61c69ebf6e5ee0e3e7f289a77940aac0483a9e88c38d2c58b61631c6dd004af24e38ac05
SSDEEP

3072:RXyqNsMoBuOZVpl2mclbj4Uvx+8ysNOu+2eRcKksU61JkkX39RLrw4ySKUbax2+l:gqN5+p4LnbmlrZW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6b1c1664c87932eab30677598fddd62b3f850c8c30754c17cd1e820a86777e9f
- Size
  
  224KB
- MD5
  
  699f8489534e8d2dd62d6d7379bee5ae
- SHA1
  
  ba8d66d7e7eb146e37d3bb1ea22c913e74038799
- SHA256
  
  6b1c1664c87932eab30677598fddd62b3f850c8c30754c17cd1e820a86777e9f
- SHA512
  
  e2e84223ad7b3bbc2a07869d31d5c73a2e6f8df14b85b8efe462827c61c69ebf6e5ee0e3e7f289a77940aac0483a9e88c38d2c58b61631c6dd004af24e38ac05
- SSDEEP
  
  3072:RXyqNsMoBuOZVpl2mclbj4Uvx+8ysNOu+2eRcKksU61JkkX39RLrw4ySKUbax2+l:gqN5+p4LnbmlrZW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence