20431e7833a5d6ce1212dc588249ef58223fe3b01b5b0160c528bcb2967e7cb5 | Triage

Sharing

General

Target

20431e7833a5d6ce1212dc588249ef58223fe3b01b5b0160c528bcb2967e7cb5
Size

320KB
Sample

221207-day57ahb86
MD5

45143b5cbfac2ae07a8141c131d174cb
SHA1

cc9737f24163d9113b6941513d14fc49a2bad178
SHA256

20431e7833a5d6ce1212dc588249ef58223fe3b01b5b0160c528bcb2967e7cb5
SHA512

a1b828abc6b60757052fd847e27bd753acc38b9e0f51990612675c3a1f93d4ec2bd7bc7e2fe4bae9cc8699d56ee05b65e03530a5d343383cab87bdc4d721bff1
SSDEEP

6144:0tpYwn/ze9c0MCQ8rOHnB2gXr2i+y6VPuGrtzcSX6tzLDTH5YfJpf2ru9c9TKHUW:EZLdCQ8rKTH5YfJpf2ru9c9TK0sVCWpT

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  20431e7833a5d6ce1212dc588249ef58223fe3b01b5b0160c528bcb2967e7cb5
- Size
  
  320KB
- MD5
  
  45143b5cbfac2ae07a8141c131d174cb
- SHA1
  
  cc9737f24163d9113b6941513d14fc49a2bad178
- SHA256
  
  20431e7833a5d6ce1212dc588249ef58223fe3b01b5b0160c528bcb2967e7cb5
- SHA512
  
  a1b828abc6b60757052fd847e27bd753acc38b9e0f51990612675c3a1f93d4ec2bd7bc7e2fe4bae9cc8699d56ee05b65e03530a5d343383cab87bdc4d721bff1
- SSDEEP
  
  6144:0tpYwn/ze9c0MCQ8rOHnB2gXr2i+y6VPuGrtzcSX6tzLDTH5YfJpf2ru9c9TKHUW:EZLdCQ8rKTH5YfJpf2ru9c9TK0sVCWpT
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence