20e0d85e74407dd4f242792608a93ac07eb5aef1bb03ef3b4b3e9e4d05292587 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20e0d85e74407dd4f242792608a93ac07eb5aef1bb03ef3b4b3e9e4d05292587
Size

498KB
Sample

220919-t5vz1sghd7
MD5

be39893d895d8ef4683ffedfcb19f610
SHA1

1a05622e36e86b1193e170f595a156c936c9f364
SHA256

20e0d85e74407dd4f242792608a93ac07eb5aef1bb03ef3b4b3e9e4d05292587
SHA512

fd6d386b134437b78ef3b55126a3971e8fb5ebde27379ea35b24ed6921f5b8762e10111cff4880c91e20b9dacede51fd34d1c051febebb16ba7a8f49479d2ed3
SSDEEP

6144:d6YajbofxCvqd2T5Gkm9raZYgaZx0b+FQ07Hjy6LYl8k+xk1ahi56CCD2Nfk93oz:rWSEGFpQYg20br07HjyNfUkghLFFiVr

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  20e0d85e74407dd4f242792608a93ac07eb5aef1bb03ef3b4b3e9e4d05292587
- Size
  
  498KB
- MD5
  
  be39893d895d8ef4683ffedfcb19f610
- SHA1
  
  1a05622e36e86b1193e170f595a156c936c9f364
- SHA256
  
  20e0d85e74407dd4f242792608a93ac07eb5aef1bb03ef3b4b3e9e4d05292587
- SHA512
  
  fd6d386b134437b78ef3b55126a3971e8fb5ebde27379ea35b24ed6921f5b8762e10111cff4880c91e20b9dacede51fd34d1c051febebb16ba7a8f49479d2ed3
- SSDEEP
  
  6144:d6YajbofxCvqd2T5Gkm9raZYgaZx0b+FQ07Hjy6LYl8k+xk1ahi56CCD2Nfk93oz:rWSEGFpQYg20br07HjyNfUkghLFFiVr
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2