General

  • Target

    af068958b39eda45e38e81f08685505598be50d70b296fc366b5309d4ec8d33a

  • Size

    511KB

  • Sample

    221204-rgrxcafb92

  • MD5

    3bbaf820271e4ffe896a45cee4ec1bb3

  • SHA1

    5ef8929817d5fff3ef09eefa3a2466579922feb5

  • SHA256

    af068958b39eda45e38e81f08685505598be50d70b296fc366b5309d4ec8d33a

  • SHA512

    98e4827fe1e5514abf5d200fe9581face9d38eb0ffc4a3ad35aa8e3745071db9f36aa0df5d155c57a76e0d71ce9d6b4277030d3690e9534459644c40b3d2c366

  • SSDEEP

    12288:jma3hihwWTGNtGnh8kG6xfQtWrBhVc19lfknS5REv78rX:jmkZWTqkG6fQWWtkn4RE47

Score
9/10

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks