4b3d535e36bd9f000472467214ca7d253cb60dbd06c481f37dfc21934686a3f0 | Triage

Sharing

General

Target

4b3d535e36bd9f000472467214ca7d253cb60dbd06c481f37dfc21934686a3f0
Size

512KB
Sample

221128-jxf6sacg7t
MD5

247cd72c66266aaea0f6645bd916ae3b
SHA1

524fe2625a98ee7fd67bccde0644245ce2c4a1ad
SHA256

4b3d535e36bd9f000472467214ca7d253cb60dbd06c481f37dfc21934686a3f0
SHA512

e8b40b2cef29ef2237d88c2cb4f9154e9ab17ac74a0543a85d34a5323bd30345fc964402a0123da9797eba4198e993fe2c7cd3226e9f78c358723d5e77e613e8
SSDEEP

12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4a:0+h9OY70z+warul3E4a

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  4b3d535e36bd9f000472467214ca7d253cb60dbd06c481f37dfc21934686a3f0
- Size
  
  512KB
- MD5
  
  247cd72c66266aaea0f6645bd916ae3b
- SHA1
  
  524fe2625a98ee7fd67bccde0644245ce2c4a1ad
- SHA256
  
  4b3d535e36bd9f000472467214ca7d253cb60dbd06c481f37dfc21934686a3f0
- SHA512
  
  e8b40b2cef29ef2237d88c2cb4f9154e9ab17ac74a0543a85d34a5323bd30345fc964402a0123da9797eba4198e993fe2c7cd3226e9f78c358723d5e77e613e8
- SSDEEP
  
  12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4a:0+h9OY70z+warul3E4a
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2