1920dc0833ad1cddbf5ce9be5f76294afd15b5221a7a2b880057f729a0a29995 | Triage

Sharing

General

Target

1920dc0833ad1cddbf5ce9be5f76294afd15b5221a7a2b880057f729a0a29995
Size

68KB
Sample

221129-gpbj8abh29
MD5

36058a1a1d78ccfe1a5ca3700b3e5a10
SHA1

dd7b99746eff2afc7652f19da7e9c78d634dd780
SHA256

1920dc0833ad1cddbf5ce9be5f76294afd15b5221a7a2b880057f729a0a29995
SHA512

18b15064e4c2c004412eace4348e1ed968967d075f3e9c98c61d75818eab47943e5b613450685aaa3776ee0339314e12c0b3b3cb11d733921cce5def18eff27e
SSDEEP

768:dcZliTd6SAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:aZIxpAcqOK3qowgnt1d

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  1920dc0833ad1cddbf5ce9be5f76294afd15b5221a7a2b880057f729a0a29995
- Size
  
  68KB
- MD5
  
  36058a1a1d78ccfe1a5ca3700b3e5a10
- SHA1
  
  dd7b99746eff2afc7652f19da7e9c78d634dd780
- SHA256
  
  1920dc0833ad1cddbf5ce9be5f76294afd15b5221a7a2b880057f729a0a29995
- SHA512
  
  18b15064e4c2c004412eace4348e1ed968967d075f3e9c98c61d75818eab47943e5b613450685aaa3776ee0339314e12c0b3b3cb11d733921cce5def18eff27e
- SSDEEP
  
  768:dcZliTd6SAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:aZIxpAcqOK3qowgnt1d
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence