6fafd7aaf20005141264a685c07996172464513d18fa2428affdd0894636c610 | Triage

Sharing

General

Target

6fafd7aaf20005141264a685c07996172464513d18fa2428affdd0894636c610
Size

192KB
Sample

221207-c646msgg86
MD5

c06d6ff6eb19561fe41cdcdce81ce963
SHA1

b947bc377c653d769a71ba689eb41a9ba29aebf6
SHA256

6fafd7aaf20005141264a685c07996172464513d18fa2428affdd0894636c610
SHA512

13ec4fa965bf892bd6ef8d85a5b1c6e2c8012e9f7a0b34317ef6f8d901941caf42584bceb16e8c91783feab8b1a48317924b7fd9dd29f3622fe2fb4e2c889f8d
SSDEEP

3072:iaOZuCWv2JQcFBKBJy6apbuD2VMbj1hlUywqbo9GT:ivBWvUFIJlapu2V21r/C6

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6fafd7aaf20005141264a685c07996172464513d18fa2428affdd0894636c610
- Size
  
  192KB
- MD5
  
  c06d6ff6eb19561fe41cdcdce81ce963
- SHA1
  
  b947bc377c653d769a71ba689eb41a9ba29aebf6
- SHA256
  
  6fafd7aaf20005141264a685c07996172464513d18fa2428affdd0894636c610
- SHA512
  
  13ec4fa965bf892bd6ef8d85a5b1c6e2c8012e9f7a0b34317ef6f8d901941caf42584bceb16e8c91783feab8b1a48317924b7fd9dd29f3622fe2fb4e2c889f8d
- SSDEEP
  
  3072:iaOZuCWv2JQcFBKBJy6apbuD2VMbj1hlUywqbo9GT:ivBWvUFIJlapu2V21r/C6
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence