6fdf1fe343cf7d18b43ea736ce78f63283ff53913dfff32c07b6806c456fc456 | Triage

Sharing

General

Target

6fdf1fe343cf7d18b43ea736ce78f63283ff53913dfff32c07b6806c456fc456
Size

68KB
Sample

221123-xk8bdsfc78
MD5

1ddadc8836c58e6cf1e0520d01cae656
SHA1

b4a51e1f8dd03bf4309e6982de7bc2d3ac1a32c9
SHA256

6fdf1fe343cf7d18b43ea736ce78f63283ff53913dfff32c07b6806c456fc456
SHA512

656034a1280f3788a52ffd6bc7d110e7ad4241dcf18eaacdf50ff47e30cc0187a0c75741fdc5beef17b07a15cfb9ae7b1c4a64877521702ed0ea5bde35e1f6b4
SSDEEP

1536:OjcznvDjY/u7RLw5gbNsGKRlCY19TO21EUghNHzrztTZd4e:OjIvDjnxrno0Y1I21EUq/B1

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6fdf1fe343cf7d18b43ea736ce78f63283ff53913dfff32c07b6806c456fc456
- Size
  
  68KB
- MD5
  
  1ddadc8836c58e6cf1e0520d01cae656
- SHA1
  
  b4a51e1f8dd03bf4309e6982de7bc2d3ac1a32c9
- SHA256
  
  6fdf1fe343cf7d18b43ea736ce78f63283ff53913dfff32c07b6806c456fc456
- SHA512
  
  656034a1280f3788a52ffd6bc7d110e7ad4241dcf18eaacdf50ff47e30cc0187a0c75741fdc5beef17b07a15cfb9ae7b1c4a64877521702ed0ea5bde35e1f6b4
- SSDEEP
  
  1536:OjcznvDjY/u7RLw5gbNsGKRlCY19TO21EUghNHzrztTZd4e:OjIvDjnxrno0Y1I21EUq/B1
Score

10^/10

evasion persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence