8bff75cb3f941c77204d0bb09a14e2e6d7e323dbb8ef71d937c4f6932a6eeb78 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8bff75cb3f941c77204d0bb09a14e2e6d7e323dbb8ef71d937c4f6932a6eeb78
Size

625KB
Sample

221127-kww2aadg77
MD5

7c29883c3e17c5876e2b0eed6f94e25e
SHA1

a52aa00eabac6cf196e20242603d0210c6886692
SHA256

8bff75cb3f941c77204d0bb09a14e2e6d7e323dbb8ef71d937c4f6932a6eeb78
SHA512

5f954c43bca2fef4aba844bec663a1f2d3b496882db0889081f2e80a771f25a7b322e5c190ff3c98a186215db88396f260734bb294bb57280550af3cfd96a0d2
SSDEEP

12288:hg+gjjwmSK3ALgXgxvFDyfD1XBxzHMT0jZOJk7j4epPfArQyX0kZ2GEV4gB4IjY2:CjjwS3UW0NKhXLNjZzTPIrQu0kZCV4gr

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  8bff75cb3f941c77204d0bb09a14e2e6d7e323dbb8ef71d937c4f6932a6eeb78
- Size
  
  625KB
- MD5
  
  7c29883c3e17c5876e2b0eed6f94e25e
- SHA1
  
  a52aa00eabac6cf196e20242603d0210c6886692
- SHA256
  
  8bff75cb3f941c77204d0bb09a14e2e6d7e323dbb8ef71d937c4f6932a6eeb78
- SHA512
  
  5f954c43bca2fef4aba844bec663a1f2d3b496882db0889081f2e80a771f25a7b322e5c190ff3c98a186215db88396f260734bb294bb57280550af3cfd96a0d2
- SSDEEP
  
  12288:hg+gjjwmSK3ALgXgxvFDyfD1XBxzHMT0jZOJk7j4epPfArQyX0kZ2GEV4gB4IjY2:CjjwS3UW0NKhXLNjZzTPIrQu0kZCV4gr
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2