b6351cf92f9196961670c1d4190cab5d3a3354ee0524339c177c177afbb150de | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6351cf92f9196961670c1d4190cab5d3a3354ee0524339c177c177afbb150de
Size

248KB
Sample

221205-291easfh85
MD5

33d00fe591f0582c5adbeaea5d434237
SHA1

8d53262d6d0f9baf407efed2b5de5bad5c302cd2
SHA256

b6351cf92f9196961670c1d4190cab5d3a3354ee0524339c177c177afbb150de
SHA512

f0d5a049185b8c2545b295836110c250d4e9ce2dfdf5eae7f88fea8e69e72a0b890ab5dbffad3efddebb00d93e4637618f6e9e9b8188f3b95aef2f275efceed5
SSDEEP

6144:TBxVQ1yyUf9dgAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39RWyJ:TBjyUf9DRKlqgErIsKnPmb7/jWa1e+5T

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  b6351cf92f9196961670c1d4190cab5d3a3354ee0524339c177c177afbb150de
- Size
  
  248KB
- MD5
  
  33d00fe591f0582c5adbeaea5d434237
- SHA1
  
  8d53262d6d0f9baf407efed2b5de5bad5c302cd2
- SHA256
  
  b6351cf92f9196961670c1d4190cab5d3a3354ee0524339c177c177afbb150de
- SHA512
  
  f0d5a049185b8c2545b295836110c250d4e9ce2dfdf5eae7f88fea8e69e72a0b890ab5dbffad3efddebb00d93e4637618f6e9e9b8188f3b95aef2f275efceed5
- SSDEEP
  
  6144:TBxVQ1yyUf9dgAVRKlqBiErIsKnPmb7/jWal+FfAje+5/RxoOsutOSD/uP39RWyJ:TBjyUf9DRKlqgErIsKnPmb7/jWa1e+5T
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence