6ba601ded0b0731e7f020405b94b7e873456a3d8e1e4d7b98d0ed1d50daf8646 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6ba601ded0b0731e7f020405b94b7e873456a3d8e1e4d7b98d0ed1d50daf8646
Size

698KB
Sample

221107-hc9f6acec7
MD5

200216cdec9ee29da2cb13821dddaa90
SHA1

6a35f98bcef0432610d9668c6b9f1af030160353
SHA256

6ba601ded0b0731e7f020405b94b7e873456a3d8e1e4d7b98d0ed1d50daf8646
SHA512

6f50bcaec916c61484ba19fe145ca1ca097bb236f3f37ae575000f197d9af7036d9b7b5974af3eb230f86fe166ba1cd9256a0230545a1de3a187b52b3da0e00b
SSDEEP

12288:VHjcoe9PH96vB/fAuBcm9TyOE/xG3muGx44MG4Yx:VDgINfAuBcgcZG2uG24MG4Y

Score

8^/10

Malware Config

Targets

- Target
  
  6ba601ded0b0731e7f020405b94b7e873456a3d8e1e4d7b98d0ed1d50daf8646
- Size
  
  698KB
- MD5
  
  200216cdec9ee29da2cb13821dddaa90
- SHA1
  
  6a35f98bcef0432610d9668c6b9f1af030160353
- SHA256
  
  6ba601ded0b0731e7f020405b94b7e873456a3d8e1e4d7b98d0ed1d50daf8646
- SHA512
  
  6f50bcaec916c61484ba19fe145ca1ca097bb236f3f37ae575000f197d9af7036d9b7b5974af3eb230f86fe166ba1cd9256a0230545a1de3a187b52b3da0e00b
- SSDEEP
  
  12288:VHjcoe9PH96vB/fAuBcm9TyOE/xG3muGx44MG4Yx:VDgINfAuBcgcZG2uG24MG4Y
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2