c6f0de1f19297d125dbcf7968826747c0ed6e0220a564309e79d2843282b32d5 | Triage

Submit
Reports

Overview

overview

Static

static

3

c6f0de1f19...d5.exe

windows7-x64

c6f0de1f19...d5.exe

windows10-2004-x64

Sharing

General

Target

c6f0de1f19297d125dbcf7968826747c0ed6e0220a564309e79d2843282b32d5.exe
Size

87KB
Sample

241119-w1fewazcjg
MD5

fdd771260012bb7d852d90d8dcd20f19
SHA1

6c312d5669847e7afeb1983337c58e3fd15dcb2a
SHA256

c6f0de1f19297d125dbcf7968826747c0ed6e0220a564309e79d2843282b32d5
SHA512

8a630e37499b56a9a6fc6492dba020b586faaf1e7d4d83d3309b88631175ceddc9296ed3cbefea7aa4e66e553112640ae142216b30ee86c8f65e423b3321995f
SSDEEP

1536:1a3+ddygX7y9v7Z+NoykJHBOAFRfBjG3ldoI3:08dfX7y9DZ+N7eB+II3

Score

10^/10

discovery evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c6f0de1f19297d125dbcf7968826747c0ed6e0220a564309e79d2843282b32d5.exe

Resource

win7-20240903-en

discovery evasion persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

c6f0de1f19297d125dbcf7968826747c0ed6e0220a564309e79d2843282b32d5.exe

Resource

win10v2004-20241007-en

discovery evasion persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  c6f0de1f19297d125dbcf7968826747c0ed6e0220a564309e79d2843282b32d5.exe
- Size
  
  87KB
- MD5
  
  fdd771260012bb7d852d90d8dcd20f19
- SHA1
  
  6c312d5669847e7afeb1983337c58e3fd15dcb2a
- SHA256
  
  c6f0de1f19297d125dbcf7968826747c0ed6e0220a564309e79d2843282b32d5
- SHA512
  
  8a630e37499b56a9a6fc6492dba020b586faaf1e7d4d83d3309b88631175ceddc9296ed3cbefea7aa4e66e553112640ae142216b30ee86c8f65e423b3321995f
- SSDEEP
  
  1536:1a3+ddygX7y9v7Z+NoykJHBOAFRfBjG3ldoI3:08dfX7y9DZ+N7eB+II3
Score

10^/10

discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence

© 2018-2025

Terms | Privacy