6f496ba90da97cecd8a51e54dadb517adcc4c3a725ab2836ea5833386960d8e1 | Triage

Sharing

General

Target

6f496ba90da97cecd8a51e54dadb517adcc4c3a725ab2836ea5833386960d8e1
Size

401KB
Sample

221123-veka9sgg87
MD5

123da1463b19cccff651e2d8c7e903a3
SHA1

6e2ad96a319f405374ea261f32d4a924657761f5
SHA256

6f496ba90da97cecd8a51e54dadb517adcc4c3a725ab2836ea5833386960d8e1
SHA512

eaadc8f9bb535dfb146a8992d3b0db7b88f113db3a69a73966061fa60c8de262fea047b7305ca9b4c94330f59b834a42a74c09679c8f50291677a6bfd2709f93
SSDEEP

6144:1LkB+YLea42/rv5/mojecaPUF2iKmHPiZT:14+Oea42DvcPoDKWiZT

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  6f496ba90da97cecd8a51e54dadb517adcc4c3a725ab2836ea5833386960d8e1
- Size
  
  401KB
- MD5
  
  123da1463b19cccff651e2d8c7e903a3
- SHA1
  
  6e2ad96a319f405374ea261f32d4a924657761f5
- SHA256
  
  6f496ba90da97cecd8a51e54dadb517adcc4c3a725ab2836ea5833386960d8e1
- SHA512
  
  eaadc8f9bb535dfb146a8992d3b0db7b88f113db3a69a73966061fa60c8de262fea047b7305ca9b4c94330f59b834a42a74c09679c8f50291677a6bfd2709f93
- SSDEEP
  
  6144:1LkB+YLea42/rv5/mojecaPUF2iKmHPiZT:14+Oea42DvcPoDKWiZT
Score

8^/10

persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2