6ee85fdfddc5a801748a4e60cee92693c64c3dd58346a3be519fc4f509b4ed10 | Triage

Sharing

General

Target

6ee85fdfddc5a801748a4e60cee92693c64c3dd58346a3be519fc4f509b4ed10
Size

24KB
Sample

221202-v8d2cahf43
MD5

08bbfcf5472f69e0ec059b0336b23d0d
SHA1

75d22317e08efd83aa51aa1581efb50d33fe78b2
SHA256

6ee85fdfddc5a801748a4e60cee92693c64c3dd58346a3be519fc4f509b4ed10
SHA512

4ff9fa79b9bde541bc45a1c5b7b916c83b01be9b5b11550fd98728a0d8eeea1fcd5466124bd67de9cc40d8c0ef12beb5f11da44be066a1f1aaae02f4ccf7fe0f
SSDEEP

384:piTs79m1fPPY2PKj6Russ3bzsEumEwUqPi2fYO2STTgiKZPay3hSI:pikcPYsRusQshmEwUqaDO2uDKZShI

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  6ee85fdfddc5a801748a4e60cee92693c64c3dd58346a3be519fc4f509b4ed10
- Size
  
  24KB
- MD5
  
  08bbfcf5472f69e0ec059b0336b23d0d
- SHA1
  
  75d22317e08efd83aa51aa1581efb50d33fe78b2
- SHA256
  
  6ee85fdfddc5a801748a4e60cee92693c64c3dd58346a3be519fc4f509b4ed10
- SHA512
  
  4ff9fa79b9bde541bc45a1c5b7b916c83b01be9b5b11550fd98728a0d8eeea1fcd5466124bd67de9cc40d8c0ef12beb5f11da44be066a1f1aaae02f4ccf7fe0f
- SSDEEP
  
  384:piTs79m1fPPY2PKj6Russ3bzsEumEwUqPi2fYO2STTgiKZPay3hSI:pikcPYsRusQshmEwUqaDO2uDKZShI
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence