1f20e0ff1be14207800d76ffd653c70ac3165c6cdd865c7f44cce549581844f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f20e0ff1be14207800d76ffd653c70ac3165c6cdd865c7f44cce549581844f7
Size

841KB
Sample

221020-grsxaagha3
MD5

445ae5da5b5ee37e7b5a636be7b5e150
SHA1

e8ed7e37ddd343e31324070db6d7296daf57d912
SHA256

1f20e0ff1be14207800d76ffd653c70ac3165c6cdd865c7f44cce549581844f7
SHA512

5292191698bf70d146331679697159f3aed36a53d2de4ea0fdd4c3fa3f0e2f09ed076e69306fe94187268fc492008fb041d9548370c4bd88a27846e9e7ad261d
SSDEEP

12288:lnqXRRt2NZ3YVS6B7sIs6bhlNo9moemYLlI+EzZSaG3AZd8+5a1xDx:lnQt2NZ+SSds6Pq9mmgzEzZ6Kf2Zx

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  1f20e0ff1be14207800d76ffd653c70ac3165c6cdd865c7f44cce549581844f7
- Size
  
  841KB
- MD5
  
  445ae5da5b5ee37e7b5a636be7b5e150
- SHA1
  
  e8ed7e37ddd343e31324070db6d7296daf57d912
- SHA256
  
  1f20e0ff1be14207800d76ffd653c70ac3165c6cdd865c7f44cce549581844f7
- SHA512
  
  5292191698bf70d146331679697159f3aed36a53d2de4ea0fdd4c3fa3f0e2f09ed076e69306fe94187268fc492008fb041d9548370c4bd88a27846e9e7ad261d
- SSDEEP
  
  12288:lnqXRRt2NZ3YVS6B7sIs6bhlNo9moemYLlI+EzZSaG3AZd8+5a1xDx:lnQt2NZ+SSds6Pq9mmgzEzZ6Kf2Zx
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2