a6f1ea90c5c15d0da98ee9a545f10ffcfe6327f22dd13e41d7ebb676a17fef14 | Triage

Sharing

General

Target

a6f1ea90c5c15d0da98ee9a545f10ffcfe6327f22dd13e41d7ebb676a17fef14
Size

128KB
Sample

221124-appcraab7x
MD5

515f63b6647a633f0e5246e6b1c06263
SHA1

c183a64ee7e664f6e07fdf555f1130b03e6ac32c
SHA256

a6f1ea90c5c15d0da98ee9a545f10ffcfe6327f22dd13e41d7ebb676a17fef14
SHA512

ec3af034fcede6ebe71e90bca0de3b18d3d9bfaf598e082538a8ba34d8297b63f0b0c56c9f422f2d5ba9f8b29af3b073c2d6a5ad18e931dcc14a8f086d8d3808
SSDEEP

1536:+Sk8uBI8OTta097n9Is9Flc4IE3IezPoVTTqtFhUpHnkHUS65BciumHnXtk:zk8uNOTs0BvHWAotqbvBmHS

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  a6f1ea90c5c15d0da98ee9a545f10ffcfe6327f22dd13e41d7ebb676a17fef14
- Size
  
  128KB
- MD5
  
  515f63b6647a633f0e5246e6b1c06263
- SHA1
  
  c183a64ee7e664f6e07fdf555f1130b03e6ac32c
- SHA256
  
  a6f1ea90c5c15d0da98ee9a545f10ffcfe6327f22dd13e41d7ebb676a17fef14
- SHA512
  
  ec3af034fcede6ebe71e90bca0de3b18d3d9bfaf598e082538a8ba34d8297b63f0b0c56c9f422f2d5ba9f8b29af3b073c2d6a5ad18e931dcc14a8f086d8d3808
- SSDEEP
  
  1536:+Sk8uBI8OTta097n9Is9Flc4IE3IezPoVTTqtFhUpHnkHUS65BciumHnXtk:zk8uNOTs0BvHWAotqbvBmHS
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence