f20863deac5e7024b78f1d7007fbdb7868f7ede67d0c22b8d51fd83c88f4a48a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f20863deac5e7024b78f1d7007fbdb7868f7ede67d0c22b8d51fd83c88f4a48a
Size

180KB
Sample

221129-dm7cbsab53
MD5

df2348059fbec4371b486efb1bf2ba12
SHA1

6a2a38368738c549bbaaa798089c590c2b26442e
SHA256

f20863deac5e7024b78f1d7007fbdb7868f7ede67d0c22b8d51fd83c88f4a48a
SHA512

8f2ffe103b1de924a56a86c6bbf5714def710a0926a4493bfe5bd01bb643454be6d67cc72512cef1219e41478546872cc3212606eb9e797def84ecf4d6df0685
SSDEEP

3072:GBKAg3fsd23WKnvmb7/D26Nq/vJ+VFn8R4F7jIGs2YLtL9TKBd4GqeLQn/xE/M97:nAgviKnvmb7/D26Nq/vJ+VFn8R4F7jIb

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f20863deac5e7024b78f1d7007fbdb7868f7ede67d0c22b8d51fd83c88f4a48a
- Size
  
  180KB
- MD5
  
  df2348059fbec4371b486efb1bf2ba12
- SHA1
  
  6a2a38368738c549bbaaa798089c590c2b26442e
- SHA256
  
  f20863deac5e7024b78f1d7007fbdb7868f7ede67d0c22b8d51fd83c88f4a48a
- SHA512
  
  8f2ffe103b1de924a56a86c6bbf5714def710a0926a4493bfe5bd01bb643454be6d67cc72512cef1219e41478546872cc3212606eb9e797def84ecf4d6df0685
- SSDEEP
  
  3072:GBKAg3fsd23WKnvmb7/D26Nq/vJ+VFn8R4F7jIGs2YLtL9TKBd4GqeLQn/xE/M97:nAgviKnvmb7/D26Nq/vJ+VFn8R4F7jIb
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence