133ee7d1468f388f0163ad4971500e1453ad5ad04f8dcc159d41c8bdf28c833b | Triage

Sharing

General

Target

133ee7d1468f388f0163ad4971500e1453ad5ad04f8dcc159d41c8bdf28c833b
Size

148KB
Sample

221207-d9ssfseg3t
MD5

0a1f47c7d214d33292c0c6f7bc927a21
SHA1

e6982cb98a851364b288772a03649fa6e5975821
SHA256

133ee7d1468f388f0163ad4971500e1453ad5ad04f8dcc159d41c8bdf28c833b
SHA512

b2332fb76c715cd3e10bc1848cfea2f2ae7626fb45292a0d2c2325ad2c1b07437530c0042d9b155ef1e35bdf1d416bb1baf05cb8286fa3a08ee81616bc138cc9
SSDEEP

3072:xC5BVnzPVigj6G7gW1lktdVbKPkKE9qKIu64oQZiEkHsLfM:aBVz9Fj7b1eDvXI3WY4k

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  133ee7d1468f388f0163ad4971500e1453ad5ad04f8dcc159d41c8bdf28c833b
- Size
  
  148KB
- MD5
  
  0a1f47c7d214d33292c0c6f7bc927a21
- SHA1
  
  e6982cb98a851364b288772a03649fa6e5975821
- SHA256
  
  133ee7d1468f388f0163ad4971500e1453ad5ad04f8dcc159d41c8bdf28c833b
- SHA512
  
  b2332fb76c715cd3e10bc1848cfea2f2ae7626fb45292a0d2c2325ad2c1b07437530c0042d9b155ef1e35bdf1d416bb1baf05cb8286fa3a08ee81616bc138cc9
- SSDEEP
  
  3072:xC5BVnzPVigj6G7gW1lktdVbKPkKE9qKIu64oQZiEkHsLfM:aBVz9Fj7b1eDvXI3WY4k
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence