6ffb332800c279d3352ea0d6b2d3aef6d16fc0124c1a1ec011d365c378c0b0a2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6ffb332800c279d3352ea0d6b2d3aef6d16fc0124c1a1ec011d365c378c0b0a2N
Size

260KB
Sample

241001-hpxccszgka
MD5

58242207e2efafb7d64d7b223a0ca3e0
SHA1

fcfb258cd07ff53e14272065c2e59fda1a8e88a2
SHA256

6ffb332800c279d3352ea0d6b2d3aef6d16fc0124c1a1ec011d365c378c0b0a2
SHA512

6fb34149f11a1fc620b10ec292d38c600c3f09e2bd01ea6aa25c93243ea687ff3625ac599a67727560c6fd87812fd59dd220d8c8dd031f73d3d3084fa026e982
SSDEEP

3072:Og9OBT3Be2Q6khQiCCuefXxzk6iGcbPChEdGZFR2obD4CTvek5WNQp0qYutgxbGE:UeC4EwZFoobUk8qp0qpgwE

Score

10^/10

evasion execution trojan

Malware Config

Targets

- Target
  
  6ffb332800c279d3352ea0d6b2d3aef6d16fc0124c1a1ec011d365c378c0b0a2N
- Size
  
  260KB
- MD5
  
  58242207e2efafb7d64d7b223a0ca3e0
- SHA1
  
  fcfb258cd07ff53e14272065c2e59fda1a8e88a2
- SHA256
  
  6ffb332800c279d3352ea0d6b2d3aef6d16fc0124c1a1ec011d365c378c0b0a2
- SHA512
  
  6fb34149f11a1fc620b10ec292d38c600c3f09e2bd01ea6aa25c93243ea687ff3625ac599a67727560c6fd87812fd59dd220d8c8dd031f73d3d3084fa026e982
- SSDEEP
  
  3072:Og9OBT3Be2Q6khQiCCuefXxzk6iGcbPChEdGZFR2obD4CTvek5WNQp0qYutgxbGE:UeC4EwZFoobUk8qp0qpgwE
Score

10^/10

evasion execution trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutiontrojan

behavioral2

evasionexecutiontrojan