f54b2b8a5db3e3ea8587f1c7f3322a7326966bbd6e9eab1d31d51f6810b3f50b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f54b2b8a5db3e3ea8587f1c7f3322a7326966bbd6e9eab1d31d51f6810b3f50b
Size

152KB
Sample

221129-vbs41aga37
MD5

575a87cb443187574918bf5e495fd610
SHA1

2f102d2ff66d24f0992d6152fa9b29ff17dec11d
SHA256

f54b2b8a5db3e3ea8587f1c7f3322a7326966bbd6e9eab1d31d51f6810b3f50b
SHA512

c11b0ce3c1a4db8a8dadc1439016b59ad5cda49faaaf06b25e197d2b124aa2a77302fa69cf7573163e701989dad8384bdf772ed4d87d66244c0712957c785104
SSDEEP

1536:yhC7m5/w0zpNGyZhp7PTdPzage3AV78pnB3F2KdoQrIybrTwzdpyOSYz2BhZ:y84BJrx5AYSnB3FzoQrIMrTwzdp7G/Z

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  f54b2b8a5db3e3ea8587f1c7f3322a7326966bbd6e9eab1d31d51f6810b3f50b
- Size
  
  152KB
- MD5
  
  575a87cb443187574918bf5e495fd610
- SHA1
  
  2f102d2ff66d24f0992d6152fa9b29ff17dec11d
- SHA256
  
  f54b2b8a5db3e3ea8587f1c7f3322a7326966bbd6e9eab1d31d51f6810b3f50b
- SHA512
  
  c11b0ce3c1a4db8a8dadc1439016b59ad5cda49faaaf06b25e197d2b124aa2a77302fa69cf7573163e701989dad8384bdf772ed4d87d66244c0712957c785104
- SSDEEP
  
  1536:yhC7m5/w0zpNGyZhp7PTdPzage3AV78pnB3F2KdoQrIybrTwzdpyOSYz2BhZ:y84BJrx5AYSnB3FzoQrIMrTwzdp7G/Z
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence