6fbc1dc92a94cda2e12fd18cdfa7fdcf1ae2b440ad120f395f6431e344044e8a | Triage

Sharing

General

Target

6fbc1dc92a94cda2e12fd18cdfa7fdcf1ae2b440ad120f395f6431e344044e8a
Size

289KB
Sample

221127-wmt14sgb85
MD5

795c22ec14d24150443be37fce9fae73
SHA1

cafdddc3fde7ef1bdcbdd6ca067a57ed2a4f8a9b
SHA256

6fbc1dc92a94cda2e12fd18cdfa7fdcf1ae2b440ad120f395f6431e344044e8a
SHA512

76fee17f95cccad4e8cd9b559bc16f009492d45ae37ba8ed7d715df74dae0f518255effd02e8a907cdc737ae6a76a7f2ff9f4e906b8eebc635afcc0cd3884d89
SSDEEP

3072:iCA3hovBn7VqEizw6RidCLbJWMrwoO7rnN3lnpkAjL6LBVlvMLL3QveQR1:CxovBn7Vq9RidcZQHN1p3yLxMLLeJ

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  6fbc1dc92a94cda2e12fd18cdfa7fdcf1ae2b440ad120f395f6431e344044e8a
- Size
  
  289KB
- MD5
  
  795c22ec14d24150443be37fce9fae73
- SHA1
  
  cafdddc3fde7ef1bdcbdd6ca067a57ed2a4f8a9b
- SHA256
  
  6fbc1dc92a94cda2e12fd18cdfa7fdcf1ae2b440ad120f395f6431e344044e8a
- SHA512
  
  76fee17f95cccad4e8cd9b559bc16f009492d45ae37ba8ed7d715df74dae0f518255effd02e8a907cdc737ae6a76a7f2ff9f4e906b8eebc635afcc0cd3884d89
- SSDEEP
  
  3072:iCA3hovBn7VqEizw6RidCLbJWMrwoO7rnN3lnpkAjL6LBVlvMLL3QveQR1:CxovBn7Vq9RidcZQHN1p3yLxMLLeJ
Score

8^/10

persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2