a7ab08469b88d7c25fa9078af3330c7f746ca74d489f6db011768921416252ed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a7ab08469b88d7c25fa9078af3330c7f746ca74d489f6db011768921416252ed
Size

614KB
Sample

221127-nj75kadb93
MD5

273fa11755b95e6524d1613f25f31d77
SHA1

6b75c91d520d3f64c1607305f594a5bab491ae7c
SHA256

a7ab08469b88d7c25fa9078af3330c7f746ca74d489f6db011768921416252ed
SHA512

fc7cad80db5ebe7e906f3b9ba18d6065e65b61c0106d5337e3596c72fd2af7428f5826b2a5389ad4b94ccbed9a964031af17edd5e81ed8f20f22e04d0d7f440c
SSDEEP

12288:WRT0gZpHvuDZKHHw2WNWI0tTYbuMKu5R7Uw5JEAY+O1:+ZpHSKHHw08b20UVAY+K

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  a7ab08469b88d7c25fa9078af3330c7f746ca74d489f6db011768921416252ed
- Size
  
  614KB
- MD5
  
  273fa11755b95e6524d1613f25f31d77
- SHA1
  
  6b75c91d520d3f64c1607305f594a5bab491ae7c
- SHA256
  
  a7ab08469b88d7c25fa9078af3330c7f746ca74d489f6db011768921416252ed
- SHA512
  
  fc7cad80db5ebe7e906f3b9ba18d6065e65b61c0106d5337e3596c72fd2af7428f5826b2a5389ad4b94ccbed9a964031af17edd5e81ed8f20f22e04d0d7f440c
- SSDEEP
  
  12288:WRT0gZpHvuDZKHHw2WNWI0tTYbuMKu5R7Uw5JEAY+O1:+ZpHSKHHw08b20UVAY+K
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2