General

  • Target

    ff974f29d2fdb6363cf1185ad1827039a315a1730f42f0729db535f8465eec24

  • Size

    601KB

  • Sample

    221127-nfmpfsch52

  • MD5

    d2c983126dff6a7db0e44cdcbf151aa0

  • SHA1

    fbfdba55db15457ca680cf5ccb1291363ede753a

  • SHA256

    ff974f29d2fdb6363cf1185ad1827039a315a1730f42f0729db535f8465eec24

  • SHA512

    1d7e544852b64fa9632cf22c3f74edab5f732ac2f69d145c0ab850bf45f8c55f7859468dfd58c8eb8bc8de47b9ab4f726108e452a774363f2896e0fc1a416544

  • SSDEEP

    12288:xORNsuj7LM2e2Bl4St2AxKeAN+GKnvLof/9WraN0bfs3kZwD+ZAdv:xsNsmM2lBmSt2A+yTof/YrdfqkZwD4AF

Score
9/10

Malware Config

Targets

    • Target

      ff974f29d2fdb6363cf1185ad1827039a315a1730f42f0729db535f8465eec24

    Score
    9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Drops desktop.ini file(s)
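The two signatures above (VirtualBox detection through ACPI registry values, and a country-code lookup that suggests a geofence) are the kind of behaviour an analyst confirms by reading the sandbox's registry-access trace. The script below is an added example, not part of this report or of the sandbox's own code: it classifies registry events of the form "operation<TAB>key<TAB>value-name" (that line format is an assumption) against the registry locations VirtualBox guests expose (the ACPI DSDT/FADT/RSDT tables carry the OEM ID "VBOX__") and the keys where Windows stores the configured country and locale. The sample events are constructed; they are not taken from the sample's trace.

```python
"""Classify sandbox registry-access events as anti-VM or geofence behaviour.

Added example; the event format (operation<TAB>key<TAB>value-name) is an
assumption, not the sandbox's real export format.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample events (not from the real trace of this sample).
SAMPLE_EVENTS = (
    "RegOpenKey\tHKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__\t\n"
    "RegQueryValue\tHKLM\\HARDWARE\\ACPI\\FADT\\VBOX__\t\n"
    "RegQueryValue\tHKCU\\Control Panel\\International\tsCountry\n"
    "RegQueryValue\tHKCU\\Control Panel\\International\\Geo\tNation\n"
    "RegQueryValue\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\tProgramFilesDir\n"
)

# VirtualBox guests publish ACPI tables whose OEM ID is "VBOX__"; Windows mirrors
# them under HKLM\HARDWARE\ACPI, so these keys only exist inside a VirtualBox VM.
ANTI_VM_KEY = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)

# Registry locations that reveal the user's configured country or language.
# Each rule is (key pattern, set of value names that matter under that key).
GEOFENCE_RULES = [
    (re.compile(r"^HKCU\\Control Panel\\International$", re.IGNORECASE),
     {"scountry", "icountry", "locale", "localename"}),
    (re.compile(r"^HKCU\\Control Panel\\International\\Geo$", re.IGNORECASE),
     {"nation", "name"}),
    (re.compile(r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\Nls\\Language$", re.IGNORECASE),
     {"default", "installlanguage"}),
]

Event = Tuple[str, str, str]


def parse_events(text: str) -> List[Event]:
    """Parse tab-separated event lines into (operation, key, value-name) tuples."""
    events: List[Event] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 3 tab-separated fields, got {len(parts)}")
        op, key, value = parts
        events.append((op, key, value))
    return events


def classify(events: List[Event]) -> Dict[str, List[str]]:
    """Return the registry paths that match the anti-VM and geofence rules."""
    hits: Dict[str, List[str]] = {"anti_vm": [], "geofence": []}
    for _op, key, value in events:
        if ANTI_VM_KEY.match(key):
            hits["anti_vm"].append(key)
            continue
        for key_re, value_names in GEOFENCE_RULES:
            # Only a read of a locale-bearing value counts; opening the parent key alone is noise.
            if key_re.match(key) and value.lower() in value_names:
                hits["geofence"].append(f"{key}\\{value}")
                break
    return hits


def verdict(hits: Dict[str, List[str]]) -> List[str]:
    """Turn the raw hits into the short tags an analyst would put on the report."""
    tags: List[str] = []
    if hits["anti_vm"]:
        tags.append("anti-vm (VirtualBox ACPI)")
    if hits["geofence"]:
        tags.append("possible geofence (locale lookup)")
    return tags


if __name__ == "__main__":
    found = classify(parse_events(SAMPLE_EVENTS))
    for category, paths in found.items():
        for path in paths:
            print(f"{category:9s} {path}")
    print("tags:", ", ".join(verdict(found)) or "none")
```

A locale lookup on its own is weak evidence (installers read it too); the combination with an explicit VirtualBox check, both before the dropped EXE runs, is what raises the score. The ProgramFilesDir read in the sample is deliberately included so the rules are seen to ignore ordinary configuration reads.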

MITRE ATT&CK Enterprise v6

Tasks