eb20f5d033c7d52669b1788f38d73081102a7921c764609a3ea7a04abc42ef7a | Triage

Submit
Reports

Overview

overview

8

Static

static

eb20f5d033...7a.exe

windows7-x64

8

eb20f5d033...7a.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

eb20f5d033c7d52669b1788f38d73081102a7921c764609a3ea7a04abc42ef7a
Size

242KB
Sample

221121-k9yr2agd6t
MD5

300332204048c626edab9c9d8d0f5ae0
SHA1

ec9a84810e5eeed7140b6f5b396dd0f7697ebbec
SHA256

eb20f5d033c7d52669b1788f38d73081102a7921c764609a3ea7a04abc42ef7a
SHA512

8bfd808aa805c3088adc293e9a7996e26c7cc09341ba793f68292ab84c5f7bbe8fac7388bc106c1e5215dbda7e82c687e4c0e0bd0725ea67fc74d5f375aee8cf
SSDEEP

6144:RK5ArKjbAxXSaegUqGeGpBohM4Uj3ZmPMXwk:9rEbA5SpqJCohGNm6D

Score

8^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

eb20f5d033c7d52669b1788f38d73081102a7921c764609a3ea7a04abc42ef7a.exe

Resource

win7-20220812-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

eb20f5d033c7d52669b1788f38d73081102a7921c764609a3ea7a04abc42ef7a.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  eb20f5d033c7d52669b1788f38d73081102a7921c764609a3ea7a04abc42ef7a
- Size
  
  242KB
- MD5
  
  300332204048c626edab9c9d8d0f5ae0
- SHA1
  
  ec9a84810e5eeed7140b6f5b396dd0f7697ebbec
- SHA256
  
  eb20f5d033c7d52669b1788f38d73081102a7921c764609a3ea7a04abc42ef7a
- SHA512
  
  8bfd808aa805c3088adc293e9a7996e26c7cc09341ba793f68292ab84c5f7bbe8fac7388bc106c1e5215dbda7e82c687e4c0e0bd0725ea67fc74d5f375aee8cf
- SSDEEP
  
  6144:RK5ArKjbAxXSaegUqGeGpBohM4Uj3ZmPMXwk:9rEbA5SpqJCohGNm6D
Score

8^/10

persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy