fa4b17dd8911896a4d58793cfa5de63109e9d169dff1d00213bab899ba335249 | Triage

Sharing

General

Target

fa4b17dd8911896a4d58793cfa5de63109e9d169dff1d00213bab899ba335249
Size

512KB
Sample

221128-hd7nyscg27
MD5

13a2dae9625dd2a770e56be453b99a3b
SHA1

8a7438410577ebc3617023212a859b6345e6f977
SHA256

fa4b17dd8911896a4d58793cfa5de63109e9d169dff1d00213bab899ba335249
SHA512

3e17d96c80c6523e24a926947c8466f4d6cab6efcc5ef8c98df5ebe23d19dc5228966864738ef7bf2b6b1c47051b87cc32de358c01deb0432c1f29c6ec3fee66
SSDEEP

12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E46:0+h9OY70z+warul3E46

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  fa4b17dd8911896a4d58793cfa5de63109e9d169dff1d00213bab899ba335249
- Size
  
  512KB
- MD5
  
  13a2dae9625dd2a770e56be453b99a3b
- SHA1
  
  8a7438410577ebc3617023212a859b6345e6f977
- SHA256
  
  fa4b17dd8911896a4d58793cfa5de63109e9d169dff1d00213bab899ba335249
- SHA512
  
  3e17d96c80c6523e24a926947c8466f4d6cab6efcc5ef8c98df5ebe23d19dc5228966864738ef7bf2b6b1c47051b87cc32de358c01deb0432c1f29c6ec3fee66
- SSDEEP
  
  12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E46:0+h9OY70z+warul3E46
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2