6c3cfa7a1306135cdcb8054dcfa61980b5d4a11fe6f9fc1dd4d879d784c5d99c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6c3cfa7a1306135cdcb8054dcfa61980b5d4a11fe6f9fc1dd4d879d784c5d99c
Size

244KB
Sample

221207-df4mvshg28
MD5

378d7d9dfed0e83cc2aeb75e0f6578d1
SHA1

a242f536319c0b51286d85d0decee076dfe1243b
SHA256

6c3cfa7a1306135cdcb8054dcfa61980b5d4a11fe6f9fc1dd4d879d784c5d99c
SHA512

3feaf8280bc05f49764b2ca9c286a21df07ea77939e6286841b86b4850071e700b646c28206c8945310fd3e47464ee39373fcc49275e2c267a7d3183223d8888
SSDEEP

3072:kjLM4AOgMcy1imsW7A0g3XDYHYTvZm3ov5Q4/cMIVH5bEvhSSqeLSqnjYMn:mw5zFy1imdJgc4s2QRhH5IXl

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6c3cfa7a1306135cdcb8054dcfa61980b5d4a11fe6f9fc1dd4d879d784c5d99c
- Size
  
  244KB
- MD5
  
  378d7d9dfed0e83cc2aeb75e0f6578d1
- SHA1
  
  a242f536319c0b51286d85d0decee076dfe1243b
- SHA256
  
  6c3cfa7a1306135cdcb8054dcfa61980b5d4a11fe6f9fc1dd4d879d784c5d99c
- SHA512
  
  3feaf8280bc05f49764b2ca9c286a21df07ea77939e6286841b86b4850071e700b646c28206c8945310fd3e47464ee39373fcc49275e2c267a7d3183223d8888
- SSDEEP
  
  3072:kjLM4AOgMcy1imsW7A0g3XDYHYTvZm3ov5Q4/cMIVH5bEvhSSqeLSqnjYMn:mw5zFy1imdJgc4s2QRhH5IXl
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence