4a6bbd8fda180cbd3db6e14ab53374b8aafd79dabe4f039ded9560311ebbc818 | Triage

Sharing

General

Target

4a6bbd8fda180cbd3db6e14ab53374b8aafd79dabe4f039ded9560311ebbc818
Size

672KB
Sample

221003-emkc8sgffk
MD5

537d4dcf1d332bf09437b0d11549b1c0
SHA1

6bd50743a64544b7901801ba456693c5d658c40f
SHA256

4a6bbd8fda180cbd3db6e14ab53374b8aafd79dabe4f039ded9560311ebbc818
SHA512

e87da0d8f7518d259d3e382597f3d5cbcb884d6913850bd715db19f797d12c6b15775b2b37705223500cbacde6c2e15372433a165a4f4aadb1c03a6c70068450
SSDEEP

6144:7dbELf/MR/cWdi5pV/JNWOVhMUVbELf/MR/e6xW1MFbKZ871HSrhVDeEt4169rBT:BdOpNX1hQ18bKKiZG16/

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  4a6bbd8fda180cbd3db6e14ab53374b8aafd79dabe4f039ded9560311ebbc818
- Size
  
  672KB
- MD5
  
  537d4dcf1d332bf09437b0d11549b1c0
- SHA1
  
  6bd50743a64544b7901801ba456693c5d658c40f
- SHA256
  
  4a6bbd8fda180cbd3db6e14ab53374b8aafd79dabe4f039ded9560311ebbc818
- SHA512
  
  e87da0d8f7518d259d3e382597f3d5cbcb884d6913850bd715db19f797d12c6b15775b2b37705223500cbacde6c2e15372433a165a4f4aadb1c03a6c70068450
- SSDEEP
  
  6144:7dbELf/MR/cWdi5pV/JNWOVhMUVbELf/MR/e6xW1MFbKZ871HSrhVDeEt4169rBT:BdOpNX1hQ18bKKiZG16/
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence