6782096df96e79c66161440a1226f01f2b63880eef6356cdd759f6408d28cbfc | Triage

Sharing

General

Target

6782096df96e79c66161440a1226f01f2b63880eef6356cdd759f6408d28cbfc
Size

610KB
Sample

221201-mebecshe65
MD5

8cd355ccd75ac1b337831911d5a226e4
SHA1

30a08f5a2b57c59099d54f261fbcfc15b8dc5a8e
SHA256

6782096df96e79c66161440a1226f01f2b63880eef6356cdd759f6408d28cbfc
SHA512

1f922771fcb5133bfb1b79ef6e978ce916fe6b1030fadb77a89e49241eefc9164d18a75218890e2260983dcc03e2f4a29159bc7f704bba86844049d19fbcdf94
SSDEEP

12288:TjG/5NwYkK19iOCr+TMoO30mYn0YaAsGhQHxM5DKTrH5eZQ2x:TjGAK19iOCr+TMoO30mYn0YaAstHxM51

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  6782096df96e79c66161440a1226f01f2b63880eef6356cdd759f6408d28cbfc
- Size
  
  610KB
- MD5
  
  8cd355ccd75ac1b337831911d5a226e4
- SHA1
  
  30a08f5a2b57c59099d54f261fbcfc15b8dc5a8e
- SHA256
  
  6782096df96e79c66161440a1226f01f2b63880eef6356cdd759f6408d28cbfc
- SHA512
  
  1f922771fcb5133bfb1b79ef6e978ce916fe6b1030fadb77a89e49241eefc9164d18a75218890e2260983dcc03e2f4a29159bc7f704bba86844049d19fbcdf94
- SSDEEP
  
  12288:TjG/5NwYkK19iOCr+TMoO30mYn0YaAsGhQHxM5DKTrH5eZQ2x:TjGAK19iOCr+TMoO30mYn0YaAstHxM51
Score

8^/10

persistence
- Blocklisted process makes network request
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2