7f6d6be451d3a85f993fce9da240b839d893cd597c84ade8dd92736c40a13325 | Triage

Sharing

General

Target

7f6d6be451d3a85f993fce9da240b839d893cd597c84ade8dd92736c40a13325
Size

87KB
Sample

221124-p27r7ahe2t
MD5

8c9938188d59145d816944d3d7d4af94
SHA1

3782f116f4b586816265a3237b749c209a6ade87
SHA256

7f6d6be451d3a85f993fce9da240b839d893cd597c84ade8dd92736c40a13325
SHA512

6d880bb1e2a108bb739aabed40aff52c0cd8e066f53e1c816adf5b8ec7bbe5f73b393b2669fea5a5fba2d25927cf3b0c9fe77398e5d5ec9567fb356f8f477d76
SSDEEP

1536:hyfN4nIOQlurxjurF61jgLbP9NnUh5jIek6IaYXyswWaWq:of8aw1jAP9NUtI5yWzq

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  7f6d6be451d3a85f993fce9da240b839d893cd597c84ade8dd92736c40a13325
- Size
  
  87KB
- MD5
  
  8c9938188d59145d816944d3d7d4af94
- SHA1
  
  3782f116f4b586816265a3237b749c209a6ade87
- SHA256
  
  7f6d6be451d3a85f993fce9da240b839d893cd597c84ade8dd92736c40a13325
- SHA512
  
  6d880bb1e2a108bb739aabed40aff52c0cd8e066f53e1c816adf5b8ec7bbe5f73b393b2669fea5a5fba2d25927cf3b0c9fe77398e5d5ec9567fb356f8f477d76
- SSDEEP
  
  1536:hyfN4nIOQlurxjurF61jgLbP9NnUh5jIek6IaYXyswWaWq:of8aw1jAP9NUtI5yWzq
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence