06dfd4040eef501cd982523bab40d3daab7be5e4eec620eef5e122cb6bb89173 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06dfd4040eef501cd982523bab40d3daab7be5e4eec620eef5e122cb6bb89173
Size

60KB
Sample

221127-xgvk5aee4s
MD5

ecbaf142c9c9fb53196ce0908fb4edc0
SHA1

12a80053b204e426866b19501899bb6f615e4ece
SHA256

06dfd4040eef501cd982523bab40d3daab7be5e4eec620eef5e122cb6bb89173
SHA512

e0c4bacf66ae7a095f442503a7c8f174f2dd65fa244aa5cf3ad42a6c78aff45d4caa43b363c22b782481abc2367259d30e8a9c0763ddc54abf471f70008d1fa9
SSDEEP

1536:iRQvYQCLQ4gXkfyWjZRwp6/OrCF/w12TItl+zEq:tvYoXCZRwpiOY/w12TSvq

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  06dfd4040eef501cd982523bab40d3daab7be5e4eec620eef5e122cb6bb89173
- Size
  
  60KB
- MD5
  
  ecbaf142c9c9fb53196ce0908fb4edc0
- SHA1
  
  12a80053b204e426866b19501899bb6f615e4ece
- SHA256
  
  06dfd4040eef501cd982523bab40d3daab7be5e4eec620eef5e122cb6bb89173
- SHA512
  
  e0c4bacf66ae7a095f442503a7c8f174f2dd65fa244aa5cf3ad42a6c78aff45d4caa43b363c22b782481abc2367259d30e8a9c0763ddc54abf471f70008d1fa9
- SSDEEP
  
  1536:iRQvYQCLQ4gXkfyWjZRwp6/OrCF/w12TItl+zEq:tvYoXCZRwpiOY/w12TSvq
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence