6cf6d0450e26caf8976bd6165bc3da94a2e7917f431eb8462ac679c75f72babe | Triage

Sharing

General

Target

6cf6d0450e26caf8976bd6165bc3da94a2e7917f431eb8462ac679c75f72babe
Size

203KB
Sample

221205-31te3aaa79
MD5

d9bd1836d86e8d17131f15244b40d385
SHA1

6c7a432b6849a58876a7f8c3a5dbfdf7dbc81291
SHA256

6cf6d0450e26caf8976bd6165bc3da94a2e7917f431eb8462ac679c75f72babe
SHA512

3767a3927d7056f11f56b52e92ed6b21598f840ba8f96010f0d2cf678e4aa7b1b73313d1b30b90d568117f8e69e136b0f4ff606796b578b8c1a82f53cd42502f
SSDEEP

3072:rBAp5XhKpN4eOyVTGfhEClj8jTk+0hJ8D43D0c0rpOdt/46KC5NT/2enMY:WbXE9OiTGfhEClq9YKZcP7/UC30Y

Score

8^/10

Malware Config

Targets

- Target
  
  6cf6d0450e26caf8976bd6165bc3da94a2e7917f431eb8462ac679c75f72babe
- Size
  
  203KB
- MD5
  
  d9bd1836d86e8d17131f15244b40d385
- SHA1
  
  6c7a432b6849a58876a7f8c3a5dbfdf7dbc81291
- SHA256
  
  6cf6d0450e26caf8976bd6165bc3da94a2e7917f431eb8462ac679c75f72babe
- SHA512
  
  3767a3927d7056f11f56b52e92ed6b21598f840ba8f96010f0d2cf678e4aa7b1b73313d1b30b90d568117f8e69e136b0f4ff606796b578b8c1a82f53cd42502f
- SSDEEP
  
  3072:rBAp5XhKpN4eOyVTGfhEClj8jTk+0hJ8D43D0c0rpOdt/46KC5NT/2enMY:WbXE9OiTGfhEClq9YKZcP7/UC30Y
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2