36b8ac40f66b0a18ae4071ef4e850eaa930de62a7a6db34a1fcc8f2d1e11f061 | Triage

Sharing

General

Target

c2719eb0d4fe5e8a965fe4dc929e94ca
Size

532KB
Sample

220920-vfpmdadhf8
MD5

c2719eb0d4fe5e8a965fe4dc929e94ca
SHA1

0b5713415270808f0deb584b5cf9bc07ea87b6ec
SHA256

36b8ac40f66b0a18ae4071ef4e850eaa930de62a7a6db34a1fcc8f2d1e11f061
SHA512

4082e20b716e40d867b805c24888fbb8b57c22abc26d00e8dca6e60ec7911d1a006435b8c7fbeab246d35f75623eedb72f40a5213c19f8b53084e8871591f34e
SSDEEP

12288:tXf2DMo6GCfdog22HXrFy+344+E9OsDYMbWMKyH/rexOww9C:tv2DBCVx5y+3RxDYv9UCxOww0

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  c2719eb0d4fe5e8a965fe4dc929e94ca
- Size
  
  532KB
- MD5
  
  c2719eb0d4fe5e8a965fe4dc929e94ca
- SHA1
  
  0b5713415270808f0deb584b5cf9bc07ea87b6ec
- SHA256
  
  36b8ac40f66b0a18ae4071ef4e850eaa930de62a7a6db34a1fcc8f2d1e11f061
- SHA512
  
  4082e20b716e40d867b805c24888fbb8b57c22abc26d00e8dca6e60ec7911d1a006435b8c7fbeab246d35f75623eedb72f40a5213c19f8b53084e8871591f34e
- SSDEEP
  
  12288:tXf2DMo6GCfdog22HXrFy+344+E9OsDYMbWMKyH/rexOww9C:tv2DBCVx5y+3RxDYv9UCxOww0
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2