6ebce548c356df0fdbfe471c9745ac34b166bf2c329f1d8714b99038c0ccefc3 | Triage

Submit
Reports

Overview

overview

8

Static

static

6ebce548c3...c3.exe

windows7-x64

8

6ebce548c3...c3.exe

windows10-2004-x64

8

Sharing

General

Target

6ebce548c356df0fdbfe471c9745ac34b166bf2c329f1d8714b99038c0ccefc3
Size

3.3MB
Sample

221124-rw7w4sag35
MD5

a0095a1f6a1fcb3d1a3ed922f00ddfac
SHA1

3f199b3f2c98553ed77e710c274a500c8d60a36b
SHA256

6ebce548c356df0fdbfe471c9745ac34b166bf2c329f1d8714b99038c0ccefc3
SHA512

c28773fb9d8e363d59e4d5369b3c7e2cc73028699364eb4f4c45d8e8e214f8dd531950225cf7ae29c7e0f8841048b7d37ac9c289cc64bf8420a064759436f42e
SSDEEP

98304:53YobVRxj94j/JpY6A7PFLiWg5RxjUZzg:FYeujnY6aIrYZ8

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

6ebce548c356df0fdbfe471c9745ac34b166bf2c329f1d8714b99038c0ccefc3.exe

Resource

win7-20220812-en

discovery persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

6ebce548c356df0fdbfe471c9745ac34b166bf2c329f1d8714b99038c0ccefc3.exe

Resource

win10v2004-20221111-en

discovery persistence

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  6ebce548c356df0fdbfe471c9745ac34b166bf2c329f1d8714b99038c0ccefc3
- Size
  
  3.3MB
- MD5
  
  a0095a1f6a1fcb3d1a3ed922f00ddfac
- SHA1
  
  3f199b3f2c98553ed77e710c274a500c8d60a36b
- SHA256
  
  6ebce548c356df0fdbfe471c9745ac34b166bf2c329f1d8714b99038c0ccefc3
- SHA512
  
  c28773fb9d8e363d59e4d5369b3c7e2cc73028699364eb4f4c45d8e8e214f8dd531950225cf7ae29c7e0f8841048b7d37ac9c289cc64bf8420a064759436f42e
- SSDEEP
  
  98304:53YobVRxj94j/JpY6A7PFLiWg5RxjUZzg:FYeujnY6aIrYZ8
Score

8^/10

discovery persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

© 2018-2024

Terms | Privacy