337e9341b062d1abd98580c2399d263c403a7652736e383fee6d677b1a9d936d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

337e9341b062d1abd98580c2399d263c403a7652736e383fee6d677b1a9d936d
Size

88KB
Sample

221205-13wl4afa3z
MD5

d0895ce0db121fec8ea0b934e732b409
SHA1

705357cb2ca1cdf6df535ccc9ada8094ca652d9a
SHA256

337e9341b062d1abd98580c2399d263c403a7652736e383fee6d677b1a9d936d
SHA512

48161b67fb4bbe3e66b04b9168d1171bff3c554bd98fedbae20e9eb65d067023bd8a93f0888e8ab16fa9c989a24ba71645988fac27630d2e981ef9d734c3ff86
SSDEEP

768:Y84JA5GoBfnURLQ/JD60XDeVtA5YwmHwWW2icNe78ljNZQcyLbdg5CIBT/DCwaTs:YYJIQ/JDHKa5EJWceYljNZQ6vDmNmoGj

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  337e9341b062d1abd98580c2399d263c403a7652736e383fee6d677b1a9d936d
- Size
  
  88KB
- MD5
  
  d0895ce0db121fec8ea0b934e732b409
- SHA1
  
  705357cb2ca1cdf6df535ccc9ada8094ca652d9a
- SHA256
  
  337e9341b062d1abd98580c2399d263c403a7652736e383fee6d677b1a9d936d
- SHA512
  
  48161b67fb4bbe3e66b04b9168d1171bff3c554bd98fedbae20e9eb65d067023bd8a93f0888e8ab16fa9c989a24ba71645988fac27630d2e981ef9d734c3ff86
- SSDEEP
  
  768:Y84JA5GoBfnURLQ/JD60XDeVtA5YwmHwWW2icNe78ljNZQcyLbdg5CIBT/DCwaTs:YYJIQ/JDHKa5EJWceYljNZQ6vDmNmoGj
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence