6b2e420abacf6c8bb4b28b765c82f3c8761c0d727fc0187f6a3f32923e6615e9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6b2e420abacf6c8bb4b28b765c82f3c8761c0d727fc0187f6a3f32923e6615e9
Size

272KB
Sample

221107-y9ssnsaegn
MD5

0eafe4cbe0bb7a1f0f4826e1593e3f10
SHA1

43d086e0860f7c363bb5efae28b6693fc746a22f
SHA256

6b2e420abacf6c8bb4b28b765c82f3c8761c0d727fc0187f6a3f32923e6615e9
SHA512

d3ca65ca2c98f4d6aded0e04cd2bb7b8b63f5972460689fdb197303ca461ac091873436c8b7bf15dbcd15a649a9fe46d3a0334633806e6bd4e8f32bcdef51e21
SSDEEP

3072:BjsDTNg91R0FvbVJznCRcy/hqF69MSs/PLLK+ammU3YwgTeA31sr:atS8fznHC39G/PLLKU3YwgTw

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6b2e420abacf6c8bb4b28b765c82f3c8761c0d727fc0187f6a3f32923e6615e9
- Size
  
  272KB
- MD5
  
  0eafe4cbe0bb7a1f0f4826e1593e3f10
- SHA1
  
  43d086e0860f7c363bb5efae28b6693fc746a22f
- SHA256
  
  6b2e420abacf6c8bb4b28b765c82f3c8761c0d727fc0187f6a3f32923e6615e9
- SHA512
  
  d3ca65ca2c98f4d6aded0e04cd2bb7b8b63f5972460689fdb197303ca461ac091873436c8b7bf15dbcd15a649a9fe46d3a0334633806e6bd4e8f32bcdef51e21
- SSDEEP
  
  3072:BjsDTNg91R0FvbVJznCRcy/hqF69MSs/PLLK+ammU3YwgTeA31sr:atS8fznHC39G/PLLKU3YwgTw
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence