2e52a405b797c07be358cb3c2efe4f25b0e547b2297f2b181b29942aa008b2c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e52a405b797c07be358cb3c2efe4f25b0e547b2297f2b181b29942aa008b2c8
Size

623KB
Sample

221127-hg8enabc6w
MD5

25363031629bb204fd5d1cb8804c0d62
SHA1

6fde1d9f7cef23c44c249f1b146e690e979e7f85
SHA256

2e52a405b797c07be358cb3c2efe4f25b0e547b2297f2b181b29942aa008b2c8
SHA512

8a1948ed90c4715c20225646bffc2e1456996ada4f82a5d480359dd055c5446c61d7f90089d3ea2cbc4e0807c251ae1937e5a475363d0abb000843fe67514235
SSDEEP

12288:XQXik2ugDdI251hczaS3wc4CUu4SRFZ0yD2X:1k2uN+0H3TXFRFqyD2X

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  2e52a405b797c07be358cb3c2efe4f25b0e547b2297f2b181b29942aa008b2c8
- Size
  
  623KB
- MD5
  
  25363031629bb204fd5d1cb8804c0d62
- SHA1
  
  6fde1d9f7cef23c44c249f1b146e690e979e7f85
- SHA256
  
  2e52a405b797c07be358cb3c2efe4f25b0e547b2297f2b181b29942aa008b2c8
- SHA512
  
  8a1948ed90c4715c20225646bffc2e1456996ada4f82a5d480359dd055c5446c61d7f90089d3ea2cbc4e0807c251ae1937e5a475363d0abb000843fe67514235
- SSDEEP
  
  12288:XQXik2ugDdI251hczaS3wc4CUu4SRFZ0yD2X:1k2uN+0H3TXFRFqyD2X
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2