8f83f2c3c51382df0cfdfd7fbb31b8b8f8b15251934a11081f2256dd4bb45e64 | Triage

Sharing

General

Target

8f83f2c3c51382df0cfdfd7fbb31b8b8f8b15251934a11081f2256dd4bb45e64
Size

512KB
Sample

221127-1fckpsag53
MD5

1ed5204a4b1bf9e3fd8429cdc6ff2404
SHA1

f6093e7d678eeb5f1b75e35ab7dc41e052c52ae2
SHA256

8f83f2c3c51382df0cfdfd7fbb31b8b8f8b15251934a11081f2256dd4bb45e64
SHA512

ec74bdcb2cc98c6977a6965b0a8d0cdb23354c4426c653823890c44d8ca08de510e2bb8c3f139b7c22412ec0f4a1e02409920d2f35891656071689897db79fe1
SSDEEP

12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4e:0+h9OY70z+warul3E4e

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  8f83f2c3c51382df0cfdfd7fbb31b8b8f8b15251934a11081f2256dd4bb45e64
- Size
  
  512KB
- MD5
  
  1ed5204a4b1bf9e3fd8429cdc6ff2404
- SHA1
  
  f6093e7d678eeb5f1b75e35ab7dc41e052c52ae2
- SHA256
  
  8f83f2c3c51382df0cfdfd7fbb31b8b8f8b15251934a11081f2256dd4bb45e64
- SHA512
  
  ec74bdcb2cc98c6977a6965b0a8d0cdb23354c4426c653823890c44d8ca08de510e2bb8c3f139b7c22412ec0f4a1e02409920d2f35891656071689897db79fe1
- SSDEEP
  
  12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4e:0+h9OY70z+warul3E4e
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2