a25f88c3f275afdc17aff999fafe29ab4002ecdb66b7b3d8b6e2216aad915b9c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a25f88c3f275afdc17aff999fafe29ab4002ecdb66b7b3d8b6e2216aad915b9c
Size

623KB
Sample

221127-c7lexsdd84
MD5

2107fc71caf8a0a75f4a664305e320ad
SHA1

e07bc25dc049c4d6476962ea84a509376cad6da0
SHA256

a25f88c3f275afdc17aff999fafe29ab4002ecdb66b7b3d8b6e2216aad915b9c
SHA512

3057546f7bb89ba78ebc2bb5e73e5f0828edad9cfb2c9a71259d8375319fe046b98e52debd21731ca8f7253a45120bbbf7efb4d2f8e0e18f84e33141ad568f42
SSDEEP

12288:XQXik2ugDdI251hczaS3wc4CUu4SRFZ0yD2D:1k2uN+0H3TXFRFqyD2D

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  a25f88c3f275afdc17aff999fafe29ab4002ecdb66b7b3d8b6e2216aad915b9c
- Size
  
  623KB
- MD5
  
  2107fc71caf8a0a75f4a664305e320ad
- SHA1
  
  e07bc25dc049c4d6476962ea84a509376cad6da0
- SHA256
  
  a25f88c3f275afdc17aff999fafe29ab4002ecdb66b7b3d8b6e2216aad915b9c
- SHA512
  
  3057546f7bb89ba78ebc2bb5e73e5f0828edad9cfb2c9a71259d8375319fe046b98e52debd21731ca8f7253a45120bbbf7efb4d2f8e0e18f84e33141ad568f42
- SSDEEP
  
  12288:XQXik2ugDdI251hczaS3wc4CUu4SRFZ0yD2D:1k2uN+0H3TXFRFqyD2D
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2