6ef5f9c6724bec54aac6b53a2c0b30ba56e84072d3c9e0bcfe589e4a6389be8f | Triage

Sharing

General

Target

6ef5f9c6724bec54aac6b53a2c0b30ba56e84072d3c9e0bcfe589e4a6389be8f
Size

60KB
Sample

221202-zxjvnshc61
MD5

44ab314d5404e78d466e1833fc668a4d
SHA1

d2ae74e4244042dac9c6eff209f6a9b835159cad
SHA256

6ef5f9c6724bec54aac6b53a2c0b30ba56e84072d3c9e0bcfe589e4a6389be8f
SHA512

588e9e2cb17897226819fb81e9b70ff1d7e68e9026b550c6d0ff414843f32ffeb6b6326ca9d6c202335c99d65e5f2d170572e67cfcfe6b02a62996d920adae9e
SSDEEP

768:pX8x1BAKpa1tb1s+W2D2n/z/D0lbdfs3OfKDHGqHg6WBY:pX0RaY2a/Dxg6WBY

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6ef5f9c6724bec54aac6b53a2c0b30ba56e84072d3c9e0bcfe589e4a6389be8f
- Size
  
  60KB
- MD5
  
  44ab314d5404e78d466e1833fc668a4d
- SHA1
  
  d2ae74e4244042dac9c6eff209f6a9b835159cad
- SHA256
  
  6ef5f9c6724bec54aac6b53a2c0b30ba56e84072d3c9e0bcfe589e4a6389be8f
- SHA512
  
  588e9e2cb17897226819fb81e9b70ff1d7e68e9026b550c6d0ff414843f32ffeb6b6326ca9d6c202335c99d65e5f2d170572e67cfcfe6b02a62996d920adae9e
- SSDEEP
  
  768:pX8x1BAKpa1tb1s+W2D2n/z/D0lbdfs3OfKDHGqHg6WBY:pX0RaY2a/Dxg6WBY
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence