016006b4e10e6833e36780f68777b7265f105b21a09cbab4f0be8fc45c2e12c0 | Triage

Sharing

General

Target

016006b4e10e6833e36780f68777b7265f105b21a09cbab4f0be8fc45c2e12c0
Size

333KB
Sample

221123-hbdyvshb9v
MD5

59718e10ab8973add6082a88429acf2f
SHA1

996e942c8be550db9600d5d544f1c09ef41c3047
SHA256

016006b4e10e6833e36780f68777b7265f105b21a09cbab4f0be8fc45c2e12c0
SHA512

83b81ebf0864d6d2ba8902c576416f3b02ede7ed9962af9a0ed8b9e54f4002001d37422262ab8379a13acc69d8ec80b6dae5d48c89e856c52394ac3fc0d6bb50
SSDEEP

3072:ntX/KAx6vl3bg7fdZEXIYznzaAOT4XUlA/2lRvmAWHFa4inrFhVXXjofmcNdmJte:ntXjx6vSb7VGZM3tnrbVHKyt8DNdRI

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  016006b4e10e6833e36780f68777b7265f105b21a09cbab4f0be8fc45c2e12c0
- Size
  
  333KB
- MD5
  
  59718e10ab8973add6082a88429acf2f
- SHA1
  
  996e942c8be550db9600d5d544f1c09ef41c3047
- SHA256
  
  016006b4e10e6833e36780f68777b7265f105b21a09cbab4f0be8fc45c2e12c0
- SHA512
  
  83b81ebf0864d6d2ba8902c576416f3b02ede7ed9962af9a0ed8b9e54f4002001d37422262ab8379a13acc69d8ec80b6dae5d48c89e856c52394ac3fc0d6bb50
- SSDEEP
  
  3072:ntX/KAx6vl3bg7fdZEXIYznzaAOT4XUlA/2lRvmAWHFa4inrFhVXXjofmcNdmJte:ntXjx6vSb7VGZM3tnrbVHKyt8DNdRI
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1