e54bcdfd80fcf14f5a4cec4c0c92bfc8f3a317be1667fb30bb86b2834d07203d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8ce1e3382dc477c28b990b1e776e5b50.exe
Size

414KB
Sample

231014-wn48gach6y
MD5

8ce1e3382dc477c28b990b1e776e5b50
SHA1

3a7cdfd07d6f44c3cc58b4267da26b990ad2f48d
SHA256

e54bcdfd80fcf14f5a4cec4c0c92bfc8f3a317be1667fb30bb86b2834d07203d
SHA512

e516599b05183f5c83626cd8a8a5e8fbb6425bc5a6a009018f3a3b2cae6412c6fabe10a29ba4e6e1358503c23cff62d2b501814f418f1b3ac44346e1cf6f25ff
SSDEEP

6144:F4W8/VUlVGRwfpQb5kP3NZVn9Mb2yOVhatb3uaNz5g7vT2XbSrZbdu6YgTmavAcc:qW8RR6PYiyYa53um5g7vT2+xfmavzc

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  NEAS.8ce1e3382dc477c28b990b1e776e5b50.exe
- Size
  
  414KB
- MD5
  
  8ce1e3382dc477c28b990b1e776e5b50
- SHA1
  
  3a7cdfd07d6f44c3cc58b4267da26b990ad2f48d
- SHA256
  
  e54bcdfd80fcf14f5a4cec4c0c92bfc8f3a317be1667fb30bb86b2834d07203d
- SHA512
  
  e516599b05183f5c83626cd8a8a5e8fbb6425bc5a6a009018f3a3b2cae6412c6fabe10a29ba4e6e1358503c23cff62d2b501814f418f1b3ac44346e1cf6f25ff
- SSDEEP
  
  6144:F4W8/VUlVGRwfpQb5kP3NZVn9Mb2yOVhatb3uaNz5g7vT2XbSrZbdu6YgTmavAcc:qW8RR6PYiyYa53um5g7vT2+xfmavzc
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2