92c2a1af9be74d471ce6f489a06553e32a53a88a549fa81c1b1aab5144150f3c | Triage

Sharing

General

Target

92c2a1af9be74d471ce6f489a06553e32a53a88a549fa81c1b1aab5144150f3c
Size

512KB
Sample

221128-ja2h7seh57
MD5

d05913de510697d1de054c5cbb8df190
SHA1

87d75a89f91ca803b4bdb2a116e40e9cb453f2ec
SHA256

92c2a1af9be74d471ce6f489a06553e32a53a88a549fa81c1b1aab5144150f3c
SHA512

aaa818c69ea362beb45b054d3e7a96488f27ead546ffafdb3bfcaaafb76144120fab6b1a87964c0a8ddc269edc6a6c8e9f2bfe88feacd8edd1ec37fe1e7570d2
SSDEEP

12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4i:0+h9OY70z+warul3E4i

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  92c2a1af9be74d471ce6f489a06553e32a53a88a549fa81c1b1aab5144150f3c
- Size
  
  512KB
- MD5
  
  d05913de510697d1de054c5cbb8df190
- SHA1
  
  87d75a89f91ca803b4bdb2a116e40e9cb453f2ec
- SHA256
  
  92c2a1af9be74d471ce6f489a06553e32a53a88a549fa81c1b1aab5144150f3c
- SHA512
  
  aaa818c69ea362beb45b054d3e7a96488f27ead546ffafdb3bfcaaafb76144120fab6b1a87964c0a8ddc269edc6a6c8e9f2bfe88feacd8edd1ec37fe1e7570d2
- SSDEEP
  
  12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4i:0+h9OY70z+warul3E4i
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2