6df71c23dcfab235ae46fddd501b3657c977eadc40b91a0f99bfc3d3aa6356e4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6df71c23dcfab235ae46fddd501b3657c977eadc40b91a0f99bfc3d3aa6356e4
Size

244KB
Sample

221020-2hbxmahddn
MD5

7581aabea1bc9c4aee7412a149a5cb30
SHA1

1fb804c44cb5e0c03be10d44b90542fabc61e2c6
SHA256

6df71c23dcfab235ae46fddd501b3657c977eadc40b91a0f99bfc3d3aa6356e4
SHA512

d4067a535d22d707b0d03ff1f1ffd87ccf8b4e1974747e19d3052817c26107d1a541ada23c211ac60ef94cc1b40bff21348d6b9d157e1af867b37a6b481d8e0d
SSDEEP

3072:bhPBdBsROnFQp5yIuSP9lqVinU3bp/PTm2moJ6BwA+GABMndg3SU:bhJd07PnqVinU3bw2moJ6WAdgi

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6df71c23dcfab235ae46fddd501b3657c977eadc40b91a0f99bfc3d3aa6356e4
- Size
  
  244KB
- MD5
  
  7581aabea1bc9c4aee7412a149a5cb30
- SHA1
  
  1fb804c44cb5e0c03be10d44b90542fabc61e2c6
- SHA256
  
  6df71c23dcfab235ae46fddd501b3657c977eadc40b91a0f99bfc3d3aa6356e4
- SHA512
  
  d4067a535d22d707b0d03ff1f1ffd87ccf8b4e1974747e19d3052817c26107d1a541ada23c211ac60ef94cc1b40bff21348d6b9d157e1af867b37a6b481d8e0d
- SSDEEP
  
  3072:bhPBdBsROnFQp5yIuSP9lqVinU3bp/PTm2moJ6BwA+GABMndg3SU:bhJd07PnqVinU3bw2moJ6WAdgi
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence