6c42459c1638b6eaa783c9cbf6886761c6e8e9cd11c891abc34d664e539dffce | Triage

Sharing

General

Target

6c42459c1638b6eaa783c9cbf6886761c6e8e9cd11c891abc34d664e539dffce
Size

45KB
Sample

221206-ae8nmsae49
MD5

3d084b92117a693c81bf256a9782ddb0
SHA1

dc50c7aad3f4cbd3d4f89474ab78cea9df41f8e9
SHA256

6c42459c1638b6eaa783c9cbf6886761c6e8e9cd11c891abc34d664e539dffce
SHA512

28716bc5fd69fa7d8cb03de1b500e878ec4793a9206bff25135df80d8966cbd5b92e57de81f86ea5ebd000426cb585f00084986993b672e01e63818bc5d939db
SSDEEP

768:kq3hpv8eDKxNS0cGbQrq9OSiT532YdD581k46HZxjH/Aqvtu1SBYr1pTqNjALqH4:9qulG9ktZ9/KdNqhHCCrkRX4C

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  6c42459c1638b6eaa783c9cbf6886761c6e8e9cd11c891abc34d664e539dffce
- Size
  
  45KB
- MD5
  
  3d084b92117a693c81bf256a9782ddb0
- SHA1
  
  dc50c7aad3f4cbd3d4f89474ab78cea9df41f8e9
- SHA256
  
  6c42459c1638b6eaa783c9cbf6886761c6e8e9cd11c891abc34d664e539dffce
- SHA512
  
  28716bc5fd69fa7d8cb03de1b500e878ec4793a9206bff25135df80d8966cbd5b92e57de81f86ea5ebd000426cb585f00084986993b672e01e63818bc5d939db
- SSDEEP
  
  768:kq3hpv8eDKxNS0cGbQrq9OSiT532YdD581k46HZxjH/Aqvtu1SBYr1pTqNjALqH4:9qulG9ktZ9/KdNqhHCCrkRX4C
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence