d6d5cd50a94d411bcb6c081d40ce16f49add1bc24a259ae2801f19094f9d0bd2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6d5cd50a94d411bcb6c081d40ce16f49add1bc24a259ae2801f19094f9d0bd2
Size

216KB
Sample

221020-l3vbpsgfgp
MD5

96a97c8c57e4966b41e4b46aee1432bb
SHA1

a1386b4e5134d54f1ec04e0cf07dc65e1b3049f9
SHA256

d6d5cd50a94d411bcb6c081d40ce16f49add1bc24a259ae2801f19094f9d0bd2
SHA512

9c6696f64cd3e4e75dd1e9023a484ed40e87fcf85a5634f74f9f9a5c3d91439e717cbfb47098707a84bf40f72468e39b2658407f46ec1f858f85ae1fa91d31b5
SSDEEP

3072:+7Ui5xxe705cmpH8ijBcS6iS/bO40nN9k+s7EeHpAxIbYpZe:+7fDEHmpcyWX3/640N9kLjVX

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  d6d5cd50a94d411bcb6c081d40ce16f49add1bc24a259ae2801f19094f9d0bd2
- Size
  
  216KB
- MD5
  
  96a97c8c57e4966b41e4b46aee1432bb
- SHA1
  
  a1386b4e5134d54f1ec04e0cf07dc65e1b3049f9
- SHA256
  
  d6d5cd50a94d411bcb6c081d40ce16f49add1bc24a259ae2801f19094f9d0bd2
- SHA512
  
  9c6696f64cd3e4e75dd1e9023a484ed40e87fcf85a5634f74f9f9a5c3d91439e717cbfb47098707a84bf40f72468e39b2658407f46ec1f858f85ae1fa91d31b5
- SSDEEP
  
  3072:+7Ui5xxe705cmpH8ijBcS6iS/bO40nN9k+s7EeHpAxIbYpZe:+7fDEHmpcyWX3/640N9kLjVX
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence