e6b117444f8f8723de0b747d9437b4816575ca4b1dd923a91d5f15541c7a3c5b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e6b117444f8f8723de0b747d9437b4816575ca4b1dd923a91d5f15541c7a3c5b
Size

511KB
Sample

221128-hkqzsahc8s
MD5

fb01d737fda0d618ffea87357936ec75
SHA1

c614540105eea18ec280eb0795b81431800e855b
SHA256

e6b117444f8f8723de0b747d9437b4816575ca4b1dd923a91d5f15541c7a3c5b
SHA512

48d9c49de8e589ddadaeca987301489a86de53b4b64b0ea11a0a444a41c76818d74807e6e999a327e1698f3876da693a7a492b393cdceefe01986ef5a8a2e21f
SSDEEP

12288:yxlxu5KvDoYTzDXJJSd2DuOcuj7gxSr94u3c1sr:yxlxqockzDwAuMwLudr

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  e6b117444f8f8723de0b747d9437b4816575ca4b1dd923a91d5f15541c7a3c5b
- Size
  
  511KB
- MD5
  
  fb01d737fda0d618ffea87357936ec75
- SHA1
  
  c614540105eea18ec280eb0795b81431800e855b
- SHA256
  
  e6b117444f8f8723de0b747d9437b4816575ca4b1dd923a91d5f15541c7a3c5b
- SHA512
  
  48d9c49de8e589ddadaeca987301489a86de53b4b64b0ea11a0a444a41c76818d74807e6e999a327e1698f3876da693a7a492b393cdceefe01986ef5a8a2e21f
- SSDEEP
  
  12288:yxlxu5KvDoYTzDXJJSd2DuOcuj7gxSr94u3c1sr:yxlxqockzDwAuMwLudr
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2