6dce29757932874ccd282a3fc93d2e17bf3c7cbdb20120a6da25042fafcdd74a | Triage

Sharing

General

Target

6dce29757932874ccd282a3fc93d2e17bf3c7cbdb20120a6da25042fafcdd74a
Size

147KB
Sample

221203-x4y7tscf71
MD5

011c05eda26653f476d8ec49b6a8b210
SHA1

adda62a42511957bff27af877fa92205825412b7
SHA256

6dce29757932874ccd282a3fc93d2e17bf3c7cbdb20120a6da25042fafcdd74a
SHA512

3eef1f038e624789ed9552a5287392a0d4f6d82fe1a96dae8d9dbeb9be51d993dc86b5dccd960886df7362376feb38fd8f49f3dc90f55e191ad88ad44d298659
SSDEEP

3072:O56HRfBL8MFZ4OneMAytfhdbYzQvIc6RBB4:7RfBoYZNdcvc6

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6dce29757932874ccd282a3fc93d2e17bf3c7cbdb20120a6da25042fafcdd74a
- Size
  
  147KB
- MD5
  
  011c05eda26653f476d8ec49b6a8b210
- SHA1
  
  adda62a42511957bff27af877fa92205825412b7
- SHA256
  
  6dce29757932874ccd282a3fc93d2e17bf3c7cbdb20120a6da25042fafcdd74a
- SHA512
  
  3eef1f038e624789ed9552a5287392a0d4f6d82fe1a96dae8d9dbeb9be51d993dc86b5dccd960886df7362376feb38fd8f49f3dc90f55e191ad88ad44d298659
- SSDEEP
  
  3072:O56HRfBL8MFZ4OneMAytfhdbYzQvIc6RBB4:7RfBoYZNdcvc6
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence