9b6dbaa324c0286b4c5fa0cfcbc21678a2c0137d3f32a11eab04b19cedf4240b | Triage

Sharing

General

Target

9b6dbaa324c0286b4c5fa0cfcbc21678a2c0137d3f32a11eab04b19cedf4240b
Size

186KB
Sample

221123-m9bzdabc9s
MD5

672fe820b80e57830884bd719175e49d
SHA1

d6f8a311d91ae0a9af6f1042c088240f32867743
SHA256

9b6dbaa324c0286b4c5fa0cfcbc21678a2c0137d3f32a11eab04b19cedf4240b
SHA512

6ed3deaff6ed4f9b4a49ac32457301c8e86691d38ffee7319e9d02cb6f4be8c0a7c153811621d88fec236b9559c6407b0b5a7c0615ed159234812d1761b117c8
SSDEEP

3072:dPwYi9DaW25hmcq+vLQmllkdzKZrPfPyuCnENXmTxuVKWILdyR/9vNG8q+hrC7c4:dPwt1aW8hmc5D4FePfPytgmE4WQK9VqJ

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  9b6dbaa324c0286b4c5fa0cfcbc21678a2c0137d3f32a11eab04b19cedf4240b
- Size
  
  186KB
- MD5
  
  672fe820b80e57830884bd719175e49d
- SHA1
  
  d6f8a311d91ae0a9af6f1042c088240f32867743
- SHA256
  
  9b6dbaa324c0286b4c5fa0cfcbc21678a2c0137d3f32a11eab04b19cedf4240b
- SHA512
  
  6ed3deaff6ed4f9b4a49ac32457301c8e86691d38ffee7319e9d02cb6f4be8c0a7c153811621d88fec236b9559c6407b0b5a7c0615ed159234812d1761b117c8
- SSDEEP
  
  3072:dPwYi9DaW25hmcq+vLQmllkdzKZrPfPyuCnENXmTxuVKWILdyR/9vNG8q+hrC7c4:dPwt1aW8hmc5D4FePfPytgmE4WQK9VqJ
Score

8^/10

persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2