6ab33f689a79095fcbc71df3a2f3d93387d8ac7bf5e7461e8c65aed2b6038792 | Triage

Sharing

General

Target

6ab33f689a79095fcbc71df3a2f3d93387d8ac7bf5e7461e8c65aed2b6038792
Size

204KB
Sample

221124-aql9saac4v
MD5

506208625ac93839c284cbfdfd05b9fe
SHA1

067ecb589cb5f75ee1c596cc9b1928f7bcca9f1d
SHA256

6ab33f689a79095fcbc71df3a2f3d93387d8ac7bf5e7461e8c65aed2b6038792
SHA512

b7b8282e0f71653033fa8364335094753f9fc8aa0a118bf7147a314246195008b914f76ba6cb609764be617aef2bd0b57d7a651cea70b93ef17e11a4906d1d70
SSDEEP

3072:+Vr+bRN2K57jQpI6d27GVV+FWl11oQB7t9X7aOQC:O+vF57jQS6dQGVVmWOQFL7aOQC

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6ab33f689a79095fcbc71df3a2f3d93387d8ac7bf5e7461e8c65aed2b6038792
- Size
  
  204KB
- MD5
  
  506208625ac93839c284cbfdfd05b9fe
- SHA1
  
  067ecb589cb5f75ee1c596cc9b1928f7bcca9f1d
- SHA256
  
  6ab33f689a79095fcbc71df3a2f3d93387d8ac7bf5e7461e8c65aed2b6038792
- SHA512
  
  b7b8282e0f71653033fa8364335094753f9fc8aa0a118bf7147a314246195008b914f76ba6cb609764be617aef2bd0b57d7a651cea70b93ef17e11a4906d1d70
- SSDEEP
  
  3072:+Vr+bRN2K57jQpI6d27GVV+FWl11oQB7t9X7aOQC:O+vF57jQS6dQGVVmWOQFL7aOQC
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence