6f243d0fb395cd0956cb96d00dd253d2992bddbb5f5f782ee4a2ed68d0a95cc6 | Triage

Sharing

General

Target

6f243d0fb395cd0956cb96d00dd253d2992bddbb5f5f782ee4a2ed68d0a95cc6
Size

124KB
Sample

221030-y3w7hshcb6
MD5

a18fd50d27e9ea047b2e7dd2a7db3f62
SHA1

496dd87a5767381d563698376fcdfe018c03f269
SHA256

6f243d0fb395cd0956cb96d00dd253d2992bddbb5f5f782ee4a2ed68d0a95cc6
SHA512

422420961963a9d23b135fa9fed8f1c3ed7a61bec244730227e2eb50700a3f0d6e0a927d1fc24c78d2ee56f557ea0df335f9627c14dbaf7d9c25cbb99723830c
SSDEEP

1536:60sz65YLahRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:VG4Y2hkFoN3Oo1+FvfSW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6f243d0fb395cd0956cb96d00dd253d2992bddbb5f5f782ee4a2ed68d0a95cc6
- Size
  
  124KB
- MD5
  
  a18fd50d27e9ea047b2e7dd2a7db3f62
- SHA1
  
  496dd87a5767381d563698376fcdfe018c03f269
- SHA256
  
  6f243d0fb395cd0956cb96d00dd253d2992bddbb5f5f782ee4a2ed68d0a95cc6
- SHA512
  
  422420961963a9d23b135fa9fed8f1c3ed7a61bec244730227e2eb50700a3f0d6e0a927d1fc24c78d2ee56f557ea0df335f9627c14dbaf7d9c25cbb99723830c
- SSDEEP
  
  1536:60sz65YLahRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmE:VG4Y2hkFoN3Oo1+FvfSW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence