20a7adf26b1d0cf65661cfbfa94dd2246f2fb34963ea689b83b4c32af2d810a3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20a7adf26b1d0cf65661cfbfa94dd2246f2fb34963ea689b83b4c32af2d810a3
Size

54KB
Sample

220919-bb4e7ahfa2
MD5

e244f6cdbcab13e32434cfcb888ce124
SHA1

1b38c2c603b2d0a93636d1f7ea8d3b7c7cc708c6
SHA256

20a7adf26b1d0cf65661cfbfa94dd2246f2fb34963ea689b83b4c32af2d810a3
SHA512

8de5caa965c1cd27fb9245dbb9869ee7fac8c3dee964c56304478feed5c2674369da5bd4bcaeb87882d1bc0db26981d4621ddbcef9d211931fa04fa2d27abfdf
SSDEEP

768:NrpGUKbGPhgSRA99jfeXZ8veIJCsS2+AvnbcuyD7UMo:NLbRATzeXZ8GIZScvnouy8Mo

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  20a7adf26b1d0cf65661cfbfa94dd2246f2fb34963ea689b83b4c32af2d810a3
- Size
  
  54KB
- MD5
  
  e244f6cdbcab13e32434cfcb888ce124
- SHA1
  
  1b38c2c603b2d0a93636d1f7ea8d3b7c7cc708c6
- SHA256
  
  20a7adf26b1d0cf65661cfbfa94dd2246f2fb34963ea689b83b4c32af2d810a3
- SHA512
  
  8de5caa965c1cd27fb9245dbb9869ee7fac8c3dee964c56304478feed5c2674369da5bd4bcaeb87882d1bc0db26981d4621ddbcef9d211931fa04fa2d27abfdf
- SSDEEP
  
  768:NrpGUKbGPhgSRA99jfeXZ8veIJCsS2+AvnbcuyD7UMo:NLbRATzeXZ8GIZScvnouy8Mo
Score

8^/10

evasion persistence
- Executes dropped EXE
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence