6f6fdaa1378272891ec0e25f3dc2633b2dd883202955101e6828dd5ba7184920 | Triage

Sharing

General

Target

6f6fdaa1378272891ec0e25f3dc2633b2dd883202955101e6828dd5ba7184920
Size

208KB
Sample

221123-vfq57sbg9z
MD5

16dd8dc319048e08081a121d1b333e89
SHA1

ac390d81509e1bc77bbefd14c6378760d21ed906
SHA256

6f6fdaa1378272891ec0e25f3dc2633b2dd883202955101e6828dd5ba7184920
SHA512

a4fc0d33f55a917fa03501dd6899a79d12261bcb268ca392045cf7501c6943d268db17813502732f7faba5ccce29b5a0fb839fbcc1fdd6ad0f9be2e0e0a2ba93
SSDEEP

6144:9ossWuQmToYfPeffkxsthVIVO+b/RnmbT4PW9UmE7ldESgvSAOuOwZ:9PuQmToYfPeffkxsthVIVO+b/9mbkPWv

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6f6fdaa1378272891ec0e25f3dc2633b2dd883202955101e6828dd5ba7184920
- Size
  
  208KB
- MD5
  
  16dd8dc319048e08081a121d1b333e89
- SHA1
  
  ac390d81509e1bc77bbefd14c6378760d21ed906
- SHA256
  
  6f6fdaa1378272891ec0e25f3dc2633b2dd883202955101e6828dd5ba7184920
- SHA512
  
  a4fc0d33f55a917fa03501dd6899a79d12261bcb268ca392045cf7501c6943d268db17813502732f7faba5ccce29b5a0fb839fbcc1fdd6ad0f9be2e0e0a2ba93
- SSDEEP
  
  6144:9ossWuQmToYfPeffkxsthVIVO+b/RnmbT4PW9UmE7ldESgvSAOuOwZ:9PuQmToYfPeffkxsthVIVO+b/9mbkPWv
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence