f06c8c60be25cb5af2789421dcdf8c0de4de8f018cdf7992f8aca4a86d63d8a1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f06c8c60be25cb5af2789421dcdf8c0de4de8f018cdf7992f8aca4a86d63d8a1
Size

161KB
Sample

221201-tpwavaeh56
MD5

a2e25afa2b05e454e7b85bcce7abafc6
SHA1

30c1fc59323ab146946f96ead3c2fdd9f692bccb
SHA256

f06c8c60be25cb5af2789421dcdf8c0de4de8f018cdf7992f8aca4a86d63d8a1
SHA512

5d56166d6b347250166773bb3cb3ac74f4b12b2c0e75ee2b5e5b9003eb7444102e3ae1d293f5d0cb91e96d2084f8fda7c61a8616c5d25fdf3662e67537652b58
SSDEEP

3072:baGdoNmae8XFEWxp5o6P7VIsICtbpGMtHndh5Hz:WxJJFEWv57ZIFCtbpGGndz

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  f06c8c60be25cb5af2789421dcdf8c0de4de8f018cdf7992f8aca4a86d63d8a1
- Size
  
  161KB
- MD5
  
  a2e25afa2b05e454e7b85bcce7abafc6
- SHA1
  
  30c1fc59323ab146946f96ead3c2fdd9f692bccb
- SHA256
  
  f06c8c60be25cb5af2789421dcdf8c0de4de8f018cdf7992f8aca4a86d63d8a1
- SHA512
  
  5d56166d6b347250166773bb3cb3ac74f4b12b2c0e75ee2b5e5b9003eb7444102e3ae1d293f5d0cb91e96d2084f8fda7c61a8616c5d25fdf3662e67537652b58
- SSDEEP
  
  3072:baGdoNmae8XFEWxp5o6P7VIsICtbpGMtHndh5Hz:WxJJFEWv57ZIFCtbpGGndz
Score

8^/10

persistence
- Modifies AppInit DLL entries
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2