20c5a64587097538565d1999709d39c1b73880bdd67fd221e6b45217802c4456 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20c5a64587097538565d1999709d39c1b73880bdd67fd221e6b45217802c4456
Size

96KB
Sample

221028-w431caagdq
MD5

0c1e0c840649384ebb79e0bf86128a45
SHA1

230226667b7c8ef907cbe9188d53345b57eb8cb2
SHA256

20c5a64587097538565d1999709d39c1b73880bdd67fd221e6b45217802c4456
SHA512

da7a797402058bb1f4aab091cd90228e2bfdfa2e225b4a90e87f65dd8b69df3b6dd1955b5ed0ae0f7805e9f973e6c5b36a9dc00889bede12641b816ec2115e9e
SSDEEP

1536:vqQBHUf6cO/hSkGulSc16l6u+NMMl/KlYv1Tq5ThF/NIjnZ+y:93hnlu8CFF/Cnoy

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  20c5a64587097538565d1999709d39c1b73880bdd67fd221e6b45217802c4456
- Size
  
  96KB
- MD5
  
  0c1e0c840649384ebb79e0bf86128a45
- SHA1
  
  230226667b7c8ef907cbe9188d53345b57eb8cb2
- SHA256
  
  20c5a64587097538565d1999709d39c1b73880bdd67fd221e6b45217802c4456
- SHA512
  
  da7a797402058bb1f4aab091cd90228e2bfdfa2e225b4a90e87f65dd8b69df3b6dd1955b5ed0ae0f7805e9f973e6c5b36a9dc00889bede12641b816ec2115e9e
- SSDEEP
  
  1536:vqQBHUf6cO/hSkGulSc16l6u+NMMl/KlYv1Tq5ThF/NIjnZ+y:93hnlu8CFF/Cnoy
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence