20ec8f2feb2bc27ad821a3db621a34c8386e93f2ffde9d94595e07ba3009e6a8 | Triage

Sharing

General

Target

20ec8f2feb2bc27ad821a3db621a34c8386e93f2ffde9d94595e07ba3009e6a8
Size

108KB
Sample

221124-agwf4ahf6y
MD5

04e4248612f41c55464f2f4df57aed6c
SHA1

2ce4cd457d094edf09cb93426d6b2a267ba8ebdc
SHA256

20ec8f2feb2bc27ad821a3db621a34c8386e93f2ffde9d94595e07ba3009e6a8
SHA512

1f40bf001335c88cb40683b99d5ed45e3c66d26dd45d7416d9ba5612f7226f73f56415755218bbe01103ceb65494926dea40f15c5a15482934f9fafa177fb480
SSDEEP

1536:Uxqzj0We+nByAM6ZcnWWG1KdIvf1ijij+p4j9S2fbwg7h4HVQJZp:3XeaByAM2WG1KdrQN+Kp

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  20ec8f2feb2bc27ad821a3db621a34c8386e93f2ffde9d94595e07ba3009e6a8
- Size
  
  108KB
- MD5
  
  04e4248612f41c55464f2f4df57aed6c
- SHA1
  
  2ce4cd457d094edf09cb93426d6b2a267ba8ebdc
- SHA256
  
  20ec8f2feb2bc27ad821a3db621a34c8386e93f2ffde9d94595e07ba3009e6a8
- SHA512
  
  1f40bf001335c88cb40683b99d5ed45e3c66d26dd45d7416d9ba5612f7226f73f56415755218bbe01103ceb65494926dea40f15c5a15482934f9fafa177fb480
- SSDEEP
  
  1536:Uxqzj0We+nByAM6ZcnWWG1KdIvf1ijij+p4j9S2fbwg7h4HVQJZp:3XeaByAM2WG1KdrQN+Kp
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence