ab49655c1f90890214b1930fe705ac62dc3c344f2a81745f36ccee1d7a57e074 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab49655c1f90890214b1930fe705ac62dc3c344f2a81745f36ccee1d7a57e074
Size

564KB
Sample

221107-nd2etsfehl
MD5

747a0bd1cbc71d777993443446760ffb
SHA1

94ba0b82027ab1b0e2c7f707adbe4cbc5f6b8a1e
SHA256

ab49655c1f90890214b1930fe705ac62dc3c344f2a81745f36ccee1d7a57e074
SHA512

d29f770f3dc3826e209a0ca2a67f3167ee6cd2521fd991ffef8fa3eba72168dbade38dd8793c7039b32197e38591d824f33306e8b958e2b28d086895c63d6c22
SSDEEP

12288:cNEC2EhjTO5ApVsx4c7siJMKbSTu5eG3uAscMJUL:cNECjTLp8ZfUGNspUL

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  ab49655c1f90890214b1930fe705ac62dc3c344f2a81745f36ccee1d7a57e074
- Size
  
  564KB
- MD5
  
  747a0bd1cbc71d777993443446760ffb
- SHA1
  
  94ba0b82027ab1b0e2c7f707adbe4cbc5f6b8a1e
- SHA256
  
  ab49655c1f90890214b1930fe705ac62dc3c344f2a81745f36ccee1d7a57e074
- SHA512
  
  d29f770f3dc3826e209a0ca2a67f3167ee6cd2521fd991ffef8fa3eba72168dbade38dd8793c7039b32197e38591d824f33306e8b958e2b28d086895c63d6c22
- SSDEEP
  
  12288:cNEC2EhjTO5ApVsx4c7siJMKbSTu5eG3uAscMJUL:cNECjTLp8ZfUGNspUL
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2