f2a1be67db80f8995f4908be6fcc2148a0af3897561ccc6c0aa7c674d062db7b | Triage

Sharing

General

Target

937592e8d5164990354cae18c3ef963a
Size

531KB
Sample

220908-ygvfssffe3
MD5

937592e8d5164990354cae18c3ef963a
SHA1

0ac874856572f169ce893e8e6d749e16d3a43c45
SHA256

f2a1be67db80f8995f4908be6fcc2148a0af3897561ccc6c0aa7c674d062db7b
SHA512

3202800ce5f40ccba1712f53d6b88e22d3a4b92672c1d22e1cd68d25b6bc0c2b5dc0e2857110358c0456d6143f3a3df3c4c427d16076a64121515516ca89cd76
SSDEEP

12288:q5iZvUxxc36rURUMK6jXc8RWi2TR7rGOjt9RRg/5Lb2M3njAds:q0vUxxEiMdjXBR8R7COZ9RRg5njAW

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  937592e8d5164990354cae18c3ef963a
- Size
  
  531KB
- MD5
  
  937592e8d5164990354cae18c3ef963a
- SHA1
  
  0ac874856572f169ce893e8e6d749e16d3a43c45
- SHA256
  
  f2a1be67db80f8995f4908be6fcc2148a0af3897561ccc6c0aa7c674d062db7b
- SHA512
  
  3202800ce5f40ccba1712f53d6b88e22d3a4b92672c1d22e1cd68d25b6bc0c2b5dc0e2857110358c0456d6143f3a3df3c4c427d16076a64121515516ca89cd76
- SSDEEP
  
  12288:q5iZvUxxc36rURUMK6jXc8RWi2TR7rGOjt9RRg/5Lb2M3njAds:q0vUxxEiMdjXBR8R7COZ9RRg5njAW
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2