6f21d52264bd0992a7613178decb214d5a135921640768815d1c567bc847ca99 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f21d52264bd0992a7613178decb214d5a135921640768815d1c567bc847ca99
Size

160KB
Sample

221107-zjx55sbafl
MD5

013a798498536f0b8321c9711cc84200
SHA1

e6e084e89ace5ba49f18006d42e863a2f507f003
SHA256

6f21d52264bd0992a7613178decb214d5a135921640768815d1c567bc847ca99
SHA512

4b0ab8a1d8042066bc720b2353315d2de4e3c04ae409f7c0c6c7f3f431cb6433dde2384d79db9d8c1ae6b84ec2caa23b617e20913d10de0e198ac5aefeeca585
SSDEEP

3072:JhaxJptfKqOdBsebgeDyJiqmdoTtawZPotUPvPDspYxjatL0JiTeDOokR49M6e3t:naDptfKRLsebgeDyJtmdo7PIWDspYJaB

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6f21d52264bd0992a7613178decb214d5a135921640768815d1c567bc847ca99
- Size
  
  160KB
- MD5
  
  013a798498536f0b8321c9711cc84200
- SHA1
  
  e6e084e89ace5ba49f18006d42e863a2f507f003
- SHA256
  
  6f21d52264bd0992a7613178decb214d5a135921640768815d1c567bc847ca99
- SHA512
  
  4b0ab8a1d8042066bc720b2353315d2de4e3c04ae409f7c0c6c7f3f431cb6433dde2384d79db9d8c1ae6b84ec2caa23b617e20913d10de0e198ac5aefeeca585
- SSDEEP
  
  3072:JhaxJptfKqOdBsebgeDyJiqmdoTtawZPotUPvPDspYxjatL0JiTeDOokR49M6e3t:naDptfKRLsebgeDyJtmdo7PIWDspYJaB
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence