20af80cbe3e6b1a932d1972fc392ed92562f7ea1bfafe27e0412d1341246389b | Triage

Sharing

General

Target

20af80cbe3e6b1a932d1972fc392ed92562f7ea1bfafe27e0412d1341246389b
Size

43KB
Sample

221002-k4fn9saaam
MD5

70d5137805a18540bfeeb24ad3fc9e20
SHA1

9f08733199dd0a53f9bfb54c7e40b03fde3e1353
SHA256

20af80cbe3e6b1a932d1972fc392ed92562f7ea1bfafe27e0412d1341246389b
SHA512

e69f1926e172edb8fc72253fcddd595e63338cbdcf3dd705f2d14dec3170b2bf2767c83f97380b62b5104ca1b6fbe3d1e6db90280af443525a0cef6313f4a80b
SSDEEP

768:BjC4Fb8OPuF9SQoizcrq92T62cf501q6HIjHHUqvt21eNYL1EDeNXMw2HCCjPkax:fe2rVTILidgeQHCCrk

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  20af80cbe3e6b1a932d1972fc392ed92562f7ea1bfafe27e0412d1341246389b
- Size
  
  43KB
- MD5
  
  70d5137805a18540bfeeb24ad3fc9e20
- SHA1
  
  9f08733199dd0a53f9bfb54c7e40b03fde3e1353
- SHA256
  
  20af80cbe3e6b1a932d1972fc392ed92562f7ea1bfafe27e0412d1341246389b
- SHA512
  
  e69f1926e172edb8fc72253fcddd595e63338cbdcf3dd705f2d14dec3170b2bf2767c83f97380b62b5104ca1b6fbe3d1e6db90280af443525a0cef6313f4a80b
- SSDEEP
  
  768:BjC4Fb8OPuF9SQoizcrq92T62cf501q6HIjHHUqvt21eNYL1EDeNXMw2HCCjPkax:fe2rVTILidgeQHCCrk
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence