20dc5831bc55ea4f98fadcb1dac74be04eb1c01acb067c51a7fa5f9bd517bec6 | Triage

Sharing

General

Target

20dc5831bc55ea4f98fadcb1dac74be04eb1c01acb067c51a7fa5f9bd517bec6
Size

151KB
Sample

221124-ez95escb4x
MD5

cf6fc1e354a33219ba6d20704cffacc4
SHA1

3d773feb44fc8097adc8dcddadb20ebda6c0942d
SHA256

20dc5831bc55ea4f98fadcb1dac74be04eb1c01acb067c51a7fa5f9bd517bec6
SHA512

169b365b651638722401210cd406593cd2052cf22071aa238ef4e500b3adbee4c91af8be8d6c056371914774ae6a2490036ea7601d2d861ac3d80db46d61925e
SSDEEP

3072:bWbrBJVY2Cy+pHdrk0fb7GNUmfYQp/IRLsqd1pIecT3:bdHdo0T7PgYDs4pW

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  20dc5831bc55ea4f98fadcb1dac74be04eb1c01acb067c51a7fa5f9bd517bec6
- Size
  
  151KB
- MD5
  
  cf6fc1e354a33219ba6d20704cffacc4
- SHA1
  
  3d773feb44fc8097adc8dcddadb20ebda6c0942d
- SHA256
  
  20dc5831bc55ea4f98fadcb1dac74be04eb1c01acb067c51a7fa5f9bd517bec6
- SHA512
  
  169b365b651638722401210cd406593cd2052cf22071aa238ef4e500b3adbee4c91af8be8d6c056371914774ae6a2490036ea7601d2d861ac3d80db46d61925e
- SSDEEP
  
  3072:bWbrBJVY2Cy+pHdrk0fb7GNUmfYQp/IRLsqd1pIecT3:bdHdo0T7PgYDs4pW
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence