4b861b02756aa1b6c9ad5b3b399ad2814944126ab78fb5c36f288a49c05dbec0 | Triage

Sharing

General

Target

4b861b02756aa1b6c9ad5b3b399ad2814944126ab78fb5c36f288a49c05dbec0
Size

624KB
Sample

221127-jft2badg6x
MD5

39bbdfaa9beb171947dc0b8e6d92a8ec
SHA1

0270b1e5734950f7021ac48c9c393eca8cb6c5e3
SHA256

4b861b02756aa1b6c9ad5b3b399ad2814944126ab78fb5c36f288a49c05dbec0
SHA512

35d876c932e0350a06c9c4121c1043517823c227bc16ad8faba1a62ab968b6b099ee1b2938e7a565ec3839493f16633a79b6845dcd7e7c1de3ff685e4de3feee
SSDEEP

12288:SLJZY03tDoCSxs8nU39RTCClqh7VIYMX0y8V/OC+DQ:mY034hnm9R+97K5EpVmC+DQ

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  4b861b02756aa1b6c9ad5b3b399ad2814944126ab78fb5c36f288a49c05dbec0
- Size
  
  624KB
- MD5
  
  39bbdfaa9beb171947dc0b8e6d92a8ec
- SHA1
  
  0270b1e5734950f7021ac48c9c393eca8cb6c5e3
- SHA256
  
  4b861b02756aa1b6c9ad5b3b399ad2814944126ab78fb5c36f288a49c05dbec0
- SHA512
  
  35d876c932e0350a06c9c4121c1043517823c227bc16ad8faba1a62ab968b6b099ee1b2938e7a565ec3839493f16633a79b6845dcd7e7c1de3ff685e4de3feee
- SSDEEP
  
  12288:SLJZY03tDoCSxs8nU39RTCClqh7VIYMX0y8V/OC+DQ:mY034hnm9R+97K5EpVmC+DQ
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2