66b9476368cf9976d87f6d418b94f12ba70dc4630998a9d9fb87b7885ad403f6 | Triage

Sharing

General

Target

66b9476368cf9976d87f6d418b94f12ba70dc4630998a9d9fb87b7885ad403f6
Size

80KB
Sample

221011-zqq1eaebb7
MD5

6a4947920c1862bdb2fa38c1e6e91bf0
SHA1

dd51f34342f19298454e67bcd1920e1099ff4363
SHA256

66b9476368cf9976d87f6d418b94f12ba70dc4630998a9d9fb87b7885ad403f6
SHA512

93567a9fea3c7961923e8972160ca978a7e628b391f6a0ce88a8abd36b23f094e565dfe8dcc9932769008446f7740e65bb2fc0e887096404556c9ef9e7e62eb7
SSDEEP

1536:komto4AJyF8e/O+TtSv6DhjFEA5n6qtvmzrRptAi858J8MGu1v3i6EGt:j4Q3t

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  66b9476368cf9976d87f6d418b94f12ba70dc4630998a9d9fb87b7885ad403f6
- Size
  
  80KB
- MD5
  
  6a4947920c1862bdb2fa38c1e6e91bf0
- SHA1
  
  dd51f34342f19298454e67bcd1920e1099ff4363
- SHA256
  
  66b9476368cf9976d87f6d418b94f12ba70dc4630998a9d9fb87b7885ad403f6
- SHA512
  
  93567a9fea3c7961923e8972160ca978a7e628b391f6a0ce88a8abd36b23f094e565dfe8dcc9932769008446f7740e65bb2fc0e887096404556c9ef9e7e62eb7
- SSDEEP
  
  1536:komto4AJyF8e/O+TtSv6DhjFEA5n6qtvmzrRptAi858J8MGu1v3i6EGt:j4Q3t
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence