617af600c9ecf44b599afed0a0857a48f1687f4498dd7f4abd46c56e3e24727e | Triage

Sharing

General

Target

6755b66e4298af86a0ddfc688bacc94a
Size

260KB
Sample

231226-mh6dxaehdm
MD5

6755b66e4298af86a0ddfc688bacc94a
SHA1

ccae9238dea807da87f71dffb56a373f3000776b
SHA256

617af600c9ecf44b599afed0a0857a48f1687f4498dd7f4abd46c56e3e24727e
SHA512

30eae77c076496d8ecfd77a1fbb7a7446d902107f5f9ac264fd9c4bb9a2bd0411dfeba4a2ec94fab18f3aac877e7aa36bb8dfec14a8f2854ee8ba23f1135d629
SSDEEP

3072:8sgxOTiooHiUS41IGymUU5fkUehyB456J2Lw6BoiEx4PvsL2o5n33ygoe:n3ToHiUBiGyuT236J2deiEx4PvRo53Fv

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  6755b66e4298af86a0ddfc688bacc94a
- Size
  
  260KB
- MD5
  
  6755b66e4298af86a0ddfc688bacc94a
- SHA1
  
  ccae9238dea807da87f71dffb56a373f3000776b
- SHA256
  
  617af600c9ecf44b599afed0a0857a48f1687f4498dd7f4abd46c56e3e24727e
- SHA512
  
  30eae77c076496d8ecfd77a1fbb7a7446d902107f5f9ac264fd9c4bb9a2bd0411dfeba4a2ec94fab18f3aac877e7aa36bb8dfec14a8f2854ee8ba23f1135d629
- SSDEEP
  
  3072:8sgxOTiooHiUS41IGymUU5fkUehyB456J2Lw6BoiEx4PvsL2o5n33ygoe:n3ToHiUBiGyuT236J2deiEx4PvRo53Fv
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence