b6fc3e4a1cd7cfa0a6539b8c56fc685ce01ed61efb2d516813fa9d869d0f383b | Triage

Sharing

General

Target

b6fc3e4a1cd7cfa0a6539b8c56fc685ce01ed61efb2d516813fa9d869d0f383b
Size

189KB
Sample

221011-hpvhrsahg6
MD5

6c48f9db118beb800deabdf82cb5a1a0
SHA1

f3b4763ddb0e1469993152878ac6167b0f0617c8
SHA256

b6fc3e4a1cd7cfa0a6539b8c56fc685ce01ed61efb2d516813fa9d869d0f383b
SHA512

d93ab9a12b66d9b7f762f55d2ee119baacfda7bb9148a3b8677cda2bea15708f90eff778939e45e39c397772f412d1f4e717caf4305895450a3d870ee1162580
SSDEEP

3072:6RWEC2Oi8NXC797F8TBfFvj4bq57PRwWJ1/ZoAiYujRpl:6vC2F8NXC796TB9vj48P7fRDiYuLl

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  b6fc3e4a1cd7cfa0a6539b8c56fc685ce01ed61efb2d516813fa9d869d0f383b
- Size
  
  189KB
- MD5
  
  6c48f9db118beb800deabdf82cb5a1a0
- SHA1
  
  f3b4763ddb0e1469993152878ac6167b0f0617c8
- SHA256
  
  b6fc3e4a1cd7cfa0a6539b8c56fc685ce01ed61efb2d516813fa9d869d0f383b
- SHA512
  
  d93ab9a12b66d9b7f762f55d2ee119baacfda7bb9148a3b8677cda2bea15708f90eff778939e45e39c397772f412d1f4e717caf4305895450a3d870ee1162580
- SSDEEP
  
  3072:6RWEC2Oi8NXC797F8TBfFvj4bq57PRwWJ1/ZoAiYujRpl:6vC2F8NXC796TB9vj48P7fRDiYuLl
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence