6ce0e245b16cae14448bfd519c2e887777381159e7fd0fc442575a7f5e694222 | Triage

Sharing

General

Target

6ce0e245b16cae14448bfd519c2e887777381159e7fd0fc442575a7f5e694222
Size

192KB
Sample

221202-2e9pgseb41
MD5

6f5a9d9f99aeb5099ef07a65fbf82379
SHA1

48665304dc370d133e7894b4f89a6ec776b904f7
SHA256

6ce0e245b16cae14448bfd519c2e887777381159e7fd0fc442575a7f5e694222
SHA512

0a089e3517513269320ead437fcf838c01586697a41d70f82a7357ae9ded7e940e00b98d05c9687f45d295c6b629582810d144b3589902afe11b21abfa78a1a0
SSDEEP

3072:3u8+MvBnOBrpM3lt0bqO4deKIpS2Q9tC3UwtxaTSGzGXDzp8D8OJbhaDge3oKZ:5nOBr63cbqO40K394aTSGzGZ8ogcYA

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6ce0e245b16cae14448bfd519c2e887777381159e7fd0fc442575a7f5e694222
- Size
  
  192KB
- MD5
  
  6f5a9d9f99aeb5099ef07a65fbf82379
- SHA1
  
  48665304dc370d133e7894b4f89a6ec776b904f7
- SHA256
  
  6ce0e245b16cae14448bfd519c2e887777381159e7fd0fc442575a7f5e694222
- SHA512
  
  0a089e3517513269320ead437fcf838c01586697a41d70f82a7357ae9ded7e940e00b98d05c9687f45d295c6b629582810d144b3589902afe11b21abfa78a1a0
- SSDEEP
  
  3072:3u8+MvBnOBrpM3lt0bqO4deKIpS2Q9tC3UwtxaTSGzGXDzp8D8OJbhaDge3oKZ:5nOBr63cbqO40K394aTSGzGZ8ogcYA
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence