33c0f22c86c435dd278090469248d9e479e14af86aca80f759be3fe8931d6f35 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

33c0f22c86c435dd278090469248d9e479e14af86aca80f759be3fe8931d6f35
Size

100KB
Sample

220919-emhveabdan
MD5

45deb7efbbcda888f65c15e30a725c1b
SHA1

abdd0413c8f15a29f31169980d286d74de8b8f66
SHA256

33c0f22c86c435dd278090469248d9e479e14af86aca80f759be3fe8931d6f35
SHA512

7c71c982eb27c2c1ea0a088c418b84d069c66ed4866c58e771f6f1adde8c7fb673eda9eab8349c96bf55f6a8eb1b5423170bd73c816443d8bec0de39ba42d713
SSDEEP

1536:+tt0g82NTdwhVo3LGZcYADZPU1+73BD88b0nyLNIjnZrJ:CwhVoqgZPUQJLCnlJ

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  33c0f22c86c435dd278090469248d9e479e14af86aca80f759be3fe8931d6f35
- Size
  
  100KB
- MD5
  
  45deb7efbbcda888f65c15e30a725c1b
- SHA1
  
  abdd0413c8f15a29f31169980d286d74de8b8f66
- SHA256
  
  33c0f22c86c435dd278090469248d9e479e14af86aca80f759be3fe8931d6f35
- SHA512
  
  7c71c982eb27c2c1ea0a088c418b84d069c66ed4866c58e771f6f1adde8c7fb673eda9eab8349c96bf55f6a8eb1b5423170bd73c816443d8bec0de39ba42d713
- SSDEEP
  
  1536:+tt0g82NTdwhVo3LGZcYADZPU1+73BD88b0nyLNIjnZrJ:CwhVoqgZPUQJLCnlJ
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence