f33df36cb27d78927508b394102cc30111a92c81946c6867a7800fba1e260d2f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f33df36cb27d78927508b394102cc30111a92c81946c6867a7800fba1e260d2f
Size

148KB
Sample

221020-zzyfvaefhj
MD5

816f618e97396c67e254aaccef5dc690
SHA1

4503a91cceafc66d3fff38b18be62eb1f728970b
SHA256

f33df36cb27d78927508b394102cc30111a92c81946c6867a7800fba1e260d2f
SHA512

8604a6440575c64e1d715038a2613a4d58dd7ac2bdb96d14661b09a2ab46b621a4edada50088593e2869f9299eaf87c89811e53a4298257a1a2b43a0af52c962
SSDEEP

3072:y8OQNwlPGn+32qbxLN/Ks6MvvcYW2QRfX0oMgdmtoQMwkSs5J:y5P6wpDp6KvHW2OfNMJtM5SQ

Score

8^/10

Malware Config

Targets

- Target
  
  f33df36cb27d78927508b394102cc30111a92c81946c6867a7800fba1e260d2f
- Size
  
  148KB
- MD5
  
  816f618e97396c67e254aaccef5dc690
- SHA1
  
  4503a91cceafc66d3fff38b18be62eb1f728970b
- SHA256
  
  f33df36cb27d78927508b394102cc30111a92c81946c6867a7800fba1e260d2f
- SHA512
  
  8604a6440575c64e1d715038a2613a4d58dd7ac2bdb96d14661b09a2ab46b621a4edada50088593e2869f9299eaf87c89811e53a4298257a1a2b43a0af52c962
- SSDEEP
  
  3072:y8OQNwlPGn+32qbxLN/Ks6MvvcYW2QRfX0oMgdmtoQMwkSs5J:y5P6wpDp6KvHW2OfNMJtM5SQ
Score

8^/10
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2