6cb5939821928395ce23d3fc49bcc5e0d5e9133170074f94ccc62e7e6c88a517 | Triage

Sharing

General

Target

6cb5939821928395ce23d3fc49bcc5e0d5e9133170074f94ccc62e7e6c88a517
Size

624KB
Sample

221127-lrbp8agb49
MD5

d16c64bd0031533a091cf70763da93fc
SHA1

700d0581442e9304cadb7c5d44e2cd1a3a4c2581
SHA256

6cb5939821928395ce23d3fc49bcc5e0d5e9133170074f94ccc62e7e6c88a517
SHA512

f10c55188651b922f09ea1ae22d5ccba6cf46b6512f93ec34ca7525a923d4f4bfae9f39afa95acdee32949495a88c42b2e9940b6709f0f5c86032a7a38f8f97b
SSDEEP

12288:p93rW92itxpUGx1I/mCEUaQ9b0WF+cf6vDbRI4LBvhRybnlf61Y+s:3W92kUGx/s9bSvDbRlJ0bn81Y+s

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  6cb5939821928395ce23d3fc49bcc5e0d5e9133170074f94ccc62e7e6c88a517
- Size
  
  624KB
- MD5
  
  d16c64bd0031533a091cf70763da93fc
- SHA1
  
  700d0581442e9304cadb7c5d44e2cd1a3a4c2581
- SHA256
  
  6cb5939821928395ce23d3fc49bcc5e0d5e9133170074f94ccc62e7e6c88a517
- SHA512
  
  f10c55188651b922f09ea1ae22d5ccba6cf46b6512f93ec34ca7525a923d4f4bfae9f39afa95acdee32949495a88c42b2e9940b6709f0f5c86032a7a38f8f97b
- SSDEEP
  
  12288:p93rW92itxpUGx1I/mCEUaQ9b0WF+cf6vDbRI4LBvhRybnlf61Y+s:3W92kUGx/s9bSvDbRlJ0bn81Y+s
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2