b6993aacd25c145afd050e23f29775f52652534dfad2015969d4b7a8c505b5e8 | Triage

Sharing

General

Target

b6993aacd25c145afd050e23f29775f52652534dfad2015969d4b7a8c505b5e8
Size

224KB
Sample

221030-yw6glshhdm
MD5

90faf2d62a7740492c6746fe589d9276
SHA1

d5de249920fe536983297f68795dc93e782cbac6
SHA256

b6993aacd25c145afd050e23f29775f52652534dfad2015969d4b7a8c505b5e8
SHA512

6b472b4323fb055d4d89726a49dd7c44b70c87869b78f7923338c7b10cfbcfb071ebd6db55647b624b678773a1c1aa5d37396c35c894806579cf0322b3ae6a36
SSDEEP

3072:sXyqNsMoBubZVpl2mclbj4Uvx+8ysNOu+2eRcKksU61JkkX39RLrw4ySKUbax2+l:zqN57p4LnbmlrZW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b6993aacd25c145afd050e23f29775f52652534dfad2015969d4b7a8c505b5e8
- Size
  
  224KB
- MD5
  
  90faf2d62a7740492c6746fe589d9276
- SHA1
  
  d5de249920fe536983297f68795dc93e782cbac6
- SHA256
  
  b6993aacd25c145afd050e23f29775f52652534dfad2015969d4b7a8c505b5e8
- SHA512
  
  6b472b4323fb055d4d89726a49dd7c44b70c87869b78f7923338c7b10cfbcfb071ebd6db55647b624b678773a1c1aa5d37396c35c894806579cf0322b3ae6a36
- SSDEEP
  
  3072:sXyqNsMoBubZVpl2mclbj4Uvx+8ysNOu+2eRcKksU61JkkX39RLrw4ySKUbax2+l:zqN57p4LnbmlrZW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence