6f4e182aa472dfc73f568d672b598ed63590a9a39872b0542c30e55bd9d116c8 | Triage

Sharing

General

Target

6f4e182aa472dfc73f568d672b598ed63590a9a39872b0542c30e55bd9d116c8
Size

224KB
Sample

221030-vc1v8safg8
MD5

821d9a1963ad96572df5411f7cc19ee0
SHA1

d2d3f571eed922d59e580c8921d757bd0400062f
SHA256

6f4e182aa472dfc73f568d672b598ed63590a9a39872b0542c30e55bd9d116c8
SHA512

a019f011de88fecdb8e7e3034b6babc3f35aba559d742df8cc25ede2c35cb949dc2c4838426f6634c8d58d592d4712b90af1ad4805cb1c3b79966b0eb7aad193
SSDEEP

3072:hiYkWn7aWbqDImDrT+UvtkvnNBLieMyiayNe2XKrJlZm+lDC:hFkWpuImDrT+U1QtMyiaO6Nk

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6f4e182aa472dfc73f568d672b598ed63590a9a39872b0542c30e55bd9d116c8
- Size
  
  224KB
- MD5
  
  821d9a1963ad96572df5411f7cc19ee0
- SHA1
  
  d2d3f571eed922d59e580c8921d757bd0400062f
- SHA256
  
  6f4e182aa472dfc73f568d672b598ed63590a9a39872b0542c30e55bd9d116c8
- SHA512
  
  a019f011de88fecdb8e7e3034b6babc3f35aba559d742df8cc25ede2c35cb949dc2c4838426f6634c8d58d592d4712b90af1ad4805cb1c3b79966b0eb7aad193
- SSDEEP
  
  3072:hiYkWn7aWbqDImDrT+UvtkvnNBLieMyiayNe2XKrJlZm+lDC:hFkWpuImDrT+U1QtMyiaO6Nk
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence