a9a91377514167738da981038ecf58a265b1b9c274bdfab739bd616e8ba37cbe | Triage

Sharing

General

Target

a9a91377514167738da981038ecf58a265b1b9c274bdfab739bd616e8ba37cbe
Size

512KB
Sample

221127-2mf25shg71
MD5

443abe012cafff415a2a93b55a7268c4
SHA1

9e5266ca999266c085f646dd92c011955ea80b25
SHA256

a9a91377514167738da981038ecf58a265b1b9c274bdfab739bd616e8ba37cbe
SHA512

dc084a01ba0535eadb0581f4bf94b789abb59fa7604b9ce2e2f836fac4357036cfc06a8c0d07c416eb374e303d9c85d8139f9f19a7d67300d5d97726367a8b87
SSDEEP

12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E45:0+h9OY70z+warul3E45

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  a9a91377514167738da981038ecf58a265b1b9c274bdfab739bd616e8ba37cbe
- Size
  
  512KB
- MD5
  
  443abe012cafff415a2a93b55a7268c4
- SHA1
  
  9e5266ca999266c085f646dd92c011955ea80b25
- SHA256
  
  a9a91377514167738da981038ecf58a265b1b9c274bdfab739bd616e8ba37cbe
- SHA512
  
  dc084a01ba0535eadb0581f4bf94b789abb59fa7604b9ce2e2f836fac4357036cfc06a8c0d07c416eb374e303d9c85d8139f9f19a7d67300d5d97726367a8b87
- SSDEEP
  
  12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E45:0+h9OY70z+warul3E45
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2