246d6ccad326283447a1dd5b68068b7e0dff1bf9d90b01619697d61b76d17b99 | Triage

Sharing

General

Target

246d6ccad326283447a1dd5b68068b7e0dff1bf9d90b01619697d61b76d17b99
Size

51KB
Sample

221011-egv8jsdfcq
MD5

6c418793be2bf9efa41f3121dd217d70
SHA1

1cfd10bf20aefa546bb3c39291223d10ce278d5e
SHA256

246d6ccad326283447a1dd5b68068b7e0dff1bf9d90b01619697d61b76d17b99
SHA512

4f9d8feff2a0a205c76f265fb5b96a1bc7e0c1319f6eac978d4b1464391a12450436c851c7fa11eaacb3fa2b1ec7ee6bf499ed778bc371205f153266f9561306
SSDEEP

768:i2D/1865QbrS+eUfOrm9uTx22R581J6HqYjHn2qvtK18/E71bToNVGnsHCCjPka9:lKuchsvR21XobHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  246d6ccad326283447a1dd5b68068b7e0dff1bf9d90b01619697d61b76d17b99
- Size
  
  51KB
- MD5
  
  6c418793be2bf9efa41f3121dd217d70
- SHA1
  
  1cfd10bf20aefa546bb3c39291223d10ce278d5e
- SHA256
  
  246d6ccad326283447a1dd5b68068b7e0dff1bf9d90b01619697d61b76d17b99
- SHA512
  
  4f9d8feff2a0a205c76f265fb5b96a1bc7e0c1319f6eac978d4b1464391a12450436c851c7fa11eaacb3fa2b1ec7ee6bf499ed778bc371205f153266f9561306
- SSDEEP
  
  768:i2D/1865QbrS+eUfOrm9uTx22R581J6HqYjHn2qvtK18/E71bToNVGnsHCCjPka9:lKuchsvR21XobHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence