b5cfb646cca7826093192239b394603a010cfeb49ee43bf849d1ed3909bd2d49 | Triage

Sharing

General

Target

b5cfb646cca7826093192239b394603a010cfeb49ee43bf849d1ed3909bd2d49
Size

621KB
Sample

221127-nnyfxsde34
MD5

7e5c9cba300832beb83d765f8871e086
SHA1

9e7b5bf0d6f26617741dc26853c3c0317e513d68
SHA256

b5cfb646cca7826093192239b394603a010cfeb49ee43bf849d1ed3909bd2d49
SHA512

d8a43c76d134a0f821384e0bc28d082cd24f83989718be0d19528ca0ad0a2d088e17909de1c012911add306bd50bfab4c10c7e9b324e9e8a901d20dca5fe9d50
SSDEEP

12288:7nt7dcZL5v4DBWVA7tsaByn3pBDWtBS73lVcqCd7xFkIS0krY+a:gZL5rA7BA5oOeNJgHhrY+a

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  b5cfb646cca7826093192239b394603a010cfeb49ee43bf849d1ed3909bd2d49
- Size
  
  621KB
- MD5
  
  7e5c9cba300832beb83d765f8871e086
- SHA1
  
  9e7b5bf0d6f26617741dc26853c3c0317e513d68
- SHA256
  
  b5cfb646cca7826093192239b394603a010cfeb49ee43bf849d1ed3909bd2d49
- SHA512
  
  d8a43c76d134a0f821384e0bc28d082cd24f83989718be0d19528ca0ad0a2d088e17909de1c012911add306bd50bfab4c10c7e9b324e9e8a901d20dca5fe9d50
- SSDEEP
  
  12288:7nt7dcZL5v4DBWVA7tsaByn3pBDWtBS73lVcqCd7xFkIS0krY+a:gZL5rA7BA5oOeNJgHhrY+a
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2