927f4fa73f61dc2aa74d544ed3b5292b1ce8d2a91dd6890a6a80b40db730a483 | Triage

Sharing

General

Target

927f4fa73f61dc2aa74d544ed3b5292b1ce8d2a91dd6890a6a80b40db730a483
Size

514KB
Sample

221127-22j3caah7t
MD5

e9b934153a73f67a4a181ee310e96594
SHA1

f055d3205947961c3423693c2e708b4357d981cb
SHA256

927f4fa73f61dc2aa74d544ed3b5292b1ce8d2a91dd6890a6a80b40db730a483
SHA512

175e9329e4b1d42fef5c042639ec6c6210897f2099df7c267c1b561f38ce8907f82f3f464cc351ab24b792c01188bb12b60ae07b0d0dac488c2fa870f8616706
SSDEEP

12288:ffv/cSGxdtQnvIIR40X7+u0Zpk2JjAUd19nVRkE:fn/cSa3QAIRRL30x0Ur9noE

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  927f4fa73f61dc2aa74d544ed3b5292b1ce8d2a91dd6890a6a80b40db730a483
- Size
  
  514KB
- MD5
  
  e9b934153a73f67a4a181ee310e96594
- SHA1
  
  f055d3205947961c3423693c2e708b4357d981cb
- SHA256
  
  927f4fa73f61dc2aa74d544ed3b5292b1ce8d2a91dd6890a6a80b40db730a483
- SHA512
  
  175e9329e4b1d42fef5c042639ec6c6210897f2099df7c267c1b561f38ce8907f82f3f464cc351ab24b792c01188bb12b60ae07b0d0dac488c2fa870f8616706
- SSDEEP
  
  12288:ffv/cSGxdtQnvIIR40X7+u0Zpk2JjAUd19nVRkE:fn/cSa3QAIRRL30x0Ur9noE
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2