6a832a43858b46fbf848ea9bb8efc74633f2ee33be82b0be9801556e65b8b8c4 | Triage

Sharing

General

Target

6a832a43858b46fbf848ea9bb8efc74633f2ee33be82b0be9801556e65b8b8c4
Size

116KB
Sample

221124-aqqxzaac4z
MD5

586365c2affcb632145b82d813e59bcd
SHA1

0a2203e7f5904f7bab741d66b30d1f5fdb00861b
SHA256

6a832a43858b46fbf848ea9bb8efc74633f2ee33be82b0be9801556e65b8b8c4
SHA512

da1ba8c3dfd074b63f1f67f909e799dab4c1e9b9003c8014e2de716a7e8fae473ba553f5086138d52069a113e51f77a236500c10b2366989306b22aedf0af713
SSDEEP

1536:1bXuJaDBeZjhtFgGjtXDTto2D9uCLBCPr8/NL44PerViI8kIi/p0:peJIeZj/FgoTq2lr20

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6a832a43858b46fbf848ea9bb8efc74633f2ee33be82b0be9801556e65b8b8c4
- Size
  
  116KB
- MD5
  
  586365c2affcb632145b82d813e59bcd
- SHA1
  
  0a2203e7f5904f7bab741d66b30d1f5fdb00861b
- SHA256
  
  6a832a43858b46fbf848ea9bb8efc74633f2ee33be82b0be9801556e65b8b8c4
- SHA512
  
  da1ba8c3dfd074b63f1f67f909e799dab4c1e9b9003c8014e2de716a7e8fae473ba553f5086138d52069a113e51f77a236500c10b2366989306b22aedf0af713
- SSDEEP
  
  1536:1bXuJaDBeZjhtFgGjtXDTto2D9uCLBCPr8/NL44PerViI8kIi/p0:peJIeZj/FgoTq2lr20
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence