79af314e7dfb683d4533301e7318101209af1c5de649fbbc214058a17385bb16 | Triage

Sharing

General

Target

79af314e7dfb683d4533301e7318101209af1c5de649fbbc214058a17385bb16
Size

511KB
Sample

221128-jh4zasfe52
MD5

ce64acdbf226be45306996c6c9c7e50a
SHA1

32e71f7f7e076fe29e7f2fc432247103d9d26a0a
SHA256

79af314e7dfb683d4533301e7318101209af1c5de649fbbc214058a17385bb16
SHA512

46fcc22b252381bb36537d52589fa91aa056f636d00d458780d4c304630094f7f739faf537918055661f4fa326a66b5419ce13d85e337fa3f9d1d5c18496bf27
SSDEEP

12288:yxlxu5KvDoYTzDXJJSd2DuOcuj7gxSr94u3c1sB:yxlxqockzDwAuMwLudB

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  79af314e7dfb683d4533301e7318101209af1c5de649fbbc214058a17385bb16
- Size
  
  511KB
- MD5
  
  ce64acdbf226be45306996c6c9c7e50a
- SHA1
  
  32e71f7f7e076fe29e7f2fc432247103d9d26a0a
- SHA256
  
  79af314e7dfb683d4533301e7318101209af1c5de649fbbc214058a17385bb16
- SHA512
  
  46fcc22b252381bb36537d52589fa91aa056f636d00d458780d4c304630094f7f739faf537918055661f4fa326a66b5419ce13d85e337fa3f9d1d5c18496bf27
- SSDEEP
  
  12288:yxlxu5KvDoYTzDXJJSd2DuOcuj7gxSr94u3c1sB:yxlxqockzDwAuMwLudB
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2