6f147313fe1474b0ed73b0feb4f5d26f9738e5e1f75d8dbfeff2f6e0d6acb81b | Triage

Sharing

General

Target

6f147313fe1474b0ed73b0feb4f5d26f9738e5e1f75d8dbfeff2f6e0d6acb81b
Size

65KB
Sample

221107-et1nssaefp
MD5

20089be44b705cb679911c0a4bd69a50
SHA1

c488eb01994834ba31b0d50bb80e662bf99ffe8c
SHA256

6f147313fe1474b0ed73b0feb4f5d26f9738e5e1f75d8dbfeff2f6e0d6acb81b
SHA512

039568dee9361ca47a457919512ca0a724dad4457f7c5af718187baaa7b278cebe45af460a42b13ed73d64f599dadb0149c84d5e214f4271acad440781dac853
SSDEEP

1536:vMmOnMKUgK9EaYHCCrkTLGZbkRml8CK7sqf/:UmOnMKUgK9EVHdrkHGZbk2c7Hf

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  6f147313fe1474b0ed73b0feb4f5d26f9738e5e1f75d8dbfeff2f6e0d6acb81b
- Size
  
  65KB
- MD5
  
  20089be44b705cb679911c0a4bd69a50
- SHA1
  
  c488eb01994834ba31b0d50bb80e662bf99ffe8c
- SHA256
  
  6f147313fe1474b0ed73b0feb4f5d26f9738e5e1f75d8dbfeff2f6e0d6acb81b
- SHA512
  
  039568dee9361ca47a457919512ca0a724dad4457f7c5af718187baaa7b278cebe45af460a42b13ed73d64f599dadb0149c84d5e214f4271acad440781dac853
- SSDEEP
  
  1536:vMmOnMKUgK9EaYHCCrkTLGZbkRml8CK7sqf/:UmOnMKUgK9EVHdrkHGZbk2c7Hf
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence