333364a0a9f01f8410a629d519f4a9a6f57636a3b404db8b53846de516ed1979 | Triage

Sharing

General

Target

333364a0a9f01f8410a629d519f4a9a6f57636a3b404db8b53846de516ed1979
Size

781KB
Sample

221127-nw1w1shg2s
MD5

5d991b324f5e5d9df01b25174df511b3
SHA1

2c4af8e269505ec20d8f34fbc82e5b3282b6895a
SHA256

333364a0a9f01f8410a629d519f4a9a6f57636a3b404db8b53846de516ed1979
SHA512

9d9926758d30710f763ee64b54bf9a059732075afb1619e1a4a215f79a82020cc12ea6d5b1aaec17903ec9f3f08e5b40ef983355b5bf29f94a5290934fa949c4
SSDEEP

12288:LOpHHKgdxwP5j/xMerzsnTWE9VCMhjIiyMP3u8+bD6rXwhrZ3:LEWP5j/BgiEaMhj4Ye+rXw

Score

9^/10

evasion persistence

Malware Config

Targets

- Target
  
  333364a0a9f01f8410a629d519f4a9a6f57636a3b404db8b53846de516ed1979
- Size
  
  781KB
- MD5
  
  5d991b324f5e5d9df01b25174df511b3
- SHA1
  
  2c4af8e269505ec20d8f34fbc82e5b3282b6895a
- SHA256
  
  333364a0a9f01f8410a629d519f4a9a6f57636a3b404db8b53846de516ed1979
- SHA512
  
  9d9926758d30710f763ee64b54bf9a059732075afb1619e1a4a215f79a82020cc12ea6d5b1aaec17903ec9f3f08e5b40ef983355b5bf29f94a5290934fa949c4
- SSDEEP
  
  12288:LOpHHKgdxwP5j/xMerzsnTWE9VCMhjIiyMP3u8+bD6rXwhrZ3:LEWP5j/BgiEaMhj4Ye+rXw
Score

9^/10

evasion persistence
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2