bcb1d84904ec07a5ee10676e93e1ee2cc6fb7617097390499624c0610e265684 | Triage

Sharing

General

Target

bcb1d84904ec07a5ee10676e93e1ee2cc6fb7617097390499624c0610e265684
Size

514KB
Sample

221125-q6fd6scc24
MD5

a60f1572c9c41bf33ca479a5445121d7
SHA1

38e622782b15050c6ee420e8aaa859c067201ac4
SHA256

bcb1d84904ec07a5ee10676e93e1ee2cc6fb7617097390499624c0610e265684
SHA512

b0e176c6463990c63c1f903d4201ef745f52c807a2618a5f9060ac4df76734d90c52f980929e6f48b49e0c22cc87c639bfc577b45a0b09460accdbc60e41ac29
SSDEEP

12288:J8U6sBwlrjT0k+g/QoRePwF0sOuUhaPGx8YXX8r//:J8U6hjTnQoRMwK+IaYXX8rn

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  bcb1d84904ec07a5ee10676e93e1ee2cc6fb7617097390499624c0610e265684
- Size
  
  514KB
- MD5
  
  a60f1572c9c41bf33ca479a5445121d7
- SHA1
  
  38e622782b15050c6ee420e8aaa859c067201ac4
- SHA256
  
  bcb1d84904ec07a5ee10676e93e1ee2cc6fb7617097390499624c0610e265684
- SHA512
  
  b0e176c6463990c63c1f903d4201ef745f52c807a2618a5f9060ac4df76734d90c52f980929e6f48b49e0c22cc87c639bfc577b45a0b09460accdbc60e41ac29
- SSDEEP
  
  12288:J8U6sBwlrjT0k+g/QoRePwF0sOuUhaPGx8YXX8r//:J8U6hjTnQoRMwK+IaYXX8rn
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2