6c64f6769ebf56061ccf5b03def4969a7930c6c5b7aef53af6e81ec1fff82571 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6c64f6769ebf56061ccf5b03def4969a7930c6c5b7aef53af6e81ec1fff82571
Size

88KB
Sample

240508-3sw6zsgf89
MD5

2ed46e7c331d0989a9274d89582d4b2d
SHA1

da5c7fdb1d98ef924801d1def927fb019e76f50a
SHA256

6c64f6769ebf56061ccf5b03def4969a7930c6c5b7aef53af6e81ec1fff82571
SHA512

f62f48ddc775d0b9f329bc3ea788ae29b80da96e6648560f481d4a4670132a414cdd8b4bbd07b9daffda4022dee9bf7cd0777dee794ac2e0db0b4ee30953242a
SSDEEP

1536:D1Sbpfv5DOWknf7LAQkhB5EQr5PqNzH3EEIMrAgx29x0Lm73pZVfS5+Yqzb:QbpfhDOW7hBhr4pX5r9x29x0LMpZV8+B

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  6c64f6769ebf56061ccf5b03def4969a7930c6c5b7aef53af6e81ec1fff82571
- Size
  
  88KB
- MD5
  
  2ed46e7c331d0989a9274d89582d4b2d
- SHA1
  
  da5c7fdb1d98ef924801d1def927fb019e76f50a
- SHA256
  
  6c64f6769ebf56061ccf5b03def4969a7930c6c5b7aef53af6e81ec1fff82571
- SHA512
  
  f62f48ddc775d0b9f329bc3ea788ae29b80da96e6648560f481d4a4670132a414cdd8b4bbd07b9daffda4022dee9bf7cd0777dee794ac2e0db0b4ee30953242a
- SSDEEP
  
  1536:D1Sbpfv5DOWknf7LAQkhB5EQr5PqNzH3EEIMrAgx29x0Lm73pZVfS5+Yqzb:QbpfhDOW7hBhr4pX5r9x29x0LMpZV8+B
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2