6c9f67067a876c7c3397a455e410fb153915d092d20f07cc88aa77e9fddfee61 | Triage

Submit
Reports

Overview

overview

8

Static

static

6c9f67067a...61.exe

windows7-x64

8

6c9f67067a...61.exe

windows10-2004-x64

8

Sharing

General

Target

6c9f67067a876c7c3397a455e410fb153915d092d20f07cc88aa77e9fddfee61
Size

136KB
Sample

221125-kfq54ahc9x
MD5

5e4be45a486cb897eb08299d30165cc5
SHA1

eee529acf2bda485924a9af7d0a48cba6ac9b44d
SHA256

6c9f67067a876c7c3397a455e410fb153915d092d20f07cc88aa77e9fddfee61
SHA512

a8e0992e51c59748d4a06b7ac857c9ce6d8866a6bffc751ebc282f5564b56638d0e5c2cb0b75c15e2cd2affbf30c658c40ac400193b9067514c702cbee7c0c00
SSDEEP

3072:RNrioZnIXNPfj7+wpqc7uZF4cK5BbRybFvJXztb3UNeIM:/riinId3+wpqquyT03UNW

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

6c9f67067a876c7c3397a455e410fb153915d092d20f07cc88aa77e9fddfee61.exe

Resource

win7-20220901-en

discovery persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

6c9f67067a876c7c3397a455e410fb153915d092d20f07cc88aa77e9fddfee61.exe

Resource

win10v2004-20221111-en

discovery persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  6c9f67067a876c7c3397a455e410fb153915d092d20f07cc88aa77e9fddfee61
- Size
  
  136KB
- MD5
  
  5e4be45a486cb897eb08299d30165cc5
- SHA1
  
  eee529acf2bda485924a9af7d0a48cba6ac9b44d
- SHA256
  
  6c9f67067a876c7c3397a455e410fb153915d092d20f07cc88aa77e9fddfee61
- SHA512
  
  a8e0992e51c59748d4a06b7ac857c9ce6d8866a6bffc751ebc282f5564b56638d0e5c2cb0b75c15e2cd2affbf30c658c40ac400193b9067514c702cbee7c0c00
- SSDEEP
  
  3072:RNrioZnIXNPfj7+wpqc7uZF4cK5BbRybFvJXztb3UNeIM:/riinId3+wpqquyT03UNW
Score

8^/10

discovery persistence
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Privilege Escalation

New Service

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

© 2018-2024

Terms | Privacy