20edd331517d737079b1f3a6f51e73028fcbacc1bbdf52e2932e39936e8aed6d | Triage

Sharing

General

Target

20edd331517d737079b1f3a6f51e73028fcbacc1bbdf52e2932e39936e8aed6d.exe
Size

22KB
Sample

230207-n8lb4abe53
MD5

ba4f553fa6e6a87d5b31f4dbc7d56410
SHA1

e3df6aa9c8fb9e53958d7d27ea4bba5c521c4ca9
SHA256

20edd331517d737079b1f3a6f51e73028fcbacc1bbdf52e2932e39936e8aed6d
SHA512

12c97f12c63fe6fcd2401d155dd5c4d3db3d06286cf6b441345c88eab26b240572da38e235de90851c492df3bea306cfbd1af4f018eaffb8895b15d8841352d1
SSDEEP

384:VFLIOnxsbaWBCaCvDM82lKKLh0vEwUIjt9RB6wg6/szZHlJxGCm7O5rA0:Vac0c8qKLhu9tg4aZHlJXmIM0

Score

8^/10

Malware Config

Targets

- Target
  
  20edd331517d737079b1f3a6f51e73028fcbacc1bbdf52e2932e39936e8aed6d.exe
- Size
  
  22KB
- MD5
  
  ba4f553fa6e6a87d5b31f4dbc7d56410
- SHA1
  
  e3df6aa9c8fb9e53958d7d27ea4bba5c521c4ca9
- SHA256
  
  20edd331517d737079b1f3a6f51e73028fcbacc1bbdf52e2932e39936e8aed6d
- SHA512
  
  12c97f12c63fe6fcd2401d155dd5c4d3db3d06286cf6b441345c88eab26b240572da38e235de90851c492df3bea306cfbd1af4f018eaffb8895b15d8841352d1
- SSDEEP
  
  384:VFLIOnxsbaWBCaCvDM82lKKLh0vEwUIjt9RB6wg6/szZHlJxGCm7O5rA0:Vac0c8qKLhu9tg4aZHlJXmIM0
Score

8^/10
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2