6cc310ee0e58be8d0ec8f6b47341299cb3ce7722fdb3240bc17349625125bb01 | Triage

Sharing

General

Target

6cc310ee0e58be8d0ec8f6b47341299cb3ce7722fdb3240bc17349625125bb01
Size

204KB
Sample

221128-cf4r7abe8y
MD5

1b67f5e624133c2527de76754a452467
SHA1

34d9d21af4e1edad2910d393602e213b36cdc78c
SHA256

6cc310ee0e58be8d0ec8f6b47341299cb3ce7722fdb3240bc17349625125bb01
SHA512

5b5dcd2ba9c9b32bafedba0da34af1be7a1222b984f5c1c05f95c8b5e55ceb3fe9e2b3bfdda3b328f42447943e9e7d760857e71e0b03b90493a84da657eb6c02
SSDEEP

3072:XmhW8Y0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWa2N:WQX4QxL7B9W0c1RCzR/fSmlw

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6cc310ee0e58be8d0ec8f6b47341299cb3ce7722fdb3240bc17349625125bb01
- Size
  
  204KB
- MD5
  
  1b67f5e624133c2527de76754a452467
- SHA1
  
  34d9d21af4e1edad2910d393602e213b36cdc78c
- SHA256
  
  6cc310ee0e58be8d0ec8f6b47341299cb3ce7722fdb3240bc17349625125bb01
- SHA512
  
  5b5dcd2ba9c9b32bafedba0da34af1be7a1222b984f5c1c05f95c8b5e55ceb3fe9e2b3bfdda3b328f42447943e9e7d760857e71e0b03b90493a84da657eb6c02
- SSDEEP
  
  3072:XmhW8Y0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWa2N:WQX4QxL7B9W0c1RCzR/fSmlw
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence