6774d2ef46f7f3a0cf92828b23afef0c593e40a3059f75c2ba746883aaee40e6 | Triage

Sharing

General

Target

6774d2ef46f7f3a0cf92828b23afef0c593e40a3059f75c2ba746883aaee40e6
Size

124KB
Sample

221205-15dt3acc78
MD5

d0cbad5f670e5203c16e63db8e5a633b
SHA1

26e105c6a162e6ec8961adf33657ec967a85f390
SHA256

6774d2ef46f7f3a0cf92828b23afef0c593e40a3059f75c2ba746883aaee40e6
SHA512

76f5b8f85e372ded27e03bf5e0a0ba08c58574e5e8534594a251dbeddf80a0cb7609f50abfb6ace021f9bc9f80f71cc831cd51ea53c1eec8058bd2898241f796
SSDEEP

1536:NdJzO5Y5bphRF/N69Be3O4Ga+FE1jKKvRgrkOSo7NeG0h/x:bx8YJph3FoI3O41+F0kSLp

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6774d2ef46f7f3a0cf92828b23afef0c593e40a3059f75c2ba746883aaee40e6
- Size
  
  124KB
- MD5
  
  d0cbad5f670e5203c16e63db8e5a633b
- SHA1
  
  26e105c6a162e6ec8961adf33657ec967a85f390
- SHA256
  
  6774d2ef46f7f3a0cf92828b23afef0c593e40a3059f75c2ba746883aaee40e6
- SHA512
  
  76f5b8f85e372ded27e03bf5e0a0ba08c58574e5e8534594a251dbeddf80a0cb7609f50abfb6ace021f9bc9f80f71cc831cd51ea53c1eec8058bd2898241f796
- SSDEEP
  
  1536:NdJzO5Y5bphRF/N69Be3O4Ga+FE1jKKvRgrkOSo7NeG0h/x:bx8YJph3FoI3O41+F0kSLp
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence