cb97c749a5b76c7b0a3730f4268bef2edc6ba869bf88af0d34752e11de2f594a | Triage

Sharing

General

Target

cb97c749a5b76c7b0a3730f4268bef2edc6ba869bf88af0d34752e11de2f594a
Size

618KB
Sample

221127-pslhlacc4s
MD5

e62244940a24aa03e40992e128120572
SHA1

156376bbca0d05d32e73f50d1f7a30d82bad1788
SHA256

cb97c749a5b76c7b0a3730f4268bef2edc6ba869bf88af0d34752e11de2f594a
SHA512

7dac58a83894c59e3ff77ae463f98a4c55e976b792b11949cf4d2edd6b7530e33701f05ccd8c3c589ae192d62577fa7a2b085c6c38fbfaef8a1ad787202bfa11
SSDEEP

12288:yKfC2/WC5btCQFxZITbejP27e73Rrx8FkWIGoC3tXkg/DKWO4g8CXdpYiY++:K2/W0NDZ/b6uumGpdXkg/DKWOj8C8iY1

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  cb97c749a5b76c7b0a3730f4268bef2edc6ba869bf88af0d34752e11de2f594a
- Size
  
  618KB
- MD5
  
  e62244940a24aa03e40992e128120572
- SHA1
  
  156376bbca0d05d32e73f50d1f7a30d82bad1788
- SHA256
  
  cb97c749a5b76c7b0a3730f4268bef2edc6ba869bf88af0d34752e11de2f594a
- SHA512
  
  7dac58a83894c59e3ff77ae463f98a4c55e976b792b11949cf4d2edd6b7530e33701f05ccd8c3c589ae192d62577fa7a2b085c6c38fbfaef8a1ad787202bfa11
- SSDEEP
  
  12288:yKfC2/WC5btCQFxZITbejP27e73Rrx8FkWIGoC3tXkg/DKWO4g8CXdpYiY++:K2/W0NDZ/b6uumGpdXkg/DKWOj8C8iY1
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2