c549149ef86a57d73577e529d0cb5cd393faa8b65e9111a3fe67f30a3b7f4613 | Triage

Sharing

General

Target

NEAS.c9b6139fcd48305d6b56376afde97690.exe
Size

411KB
Sample

231016-w9xerach27
MD5

c9b6139fcd48305d6b56376afde97690
SHA1

eb28c78f6ed3b21548504f910cd91f7663bb8620
SHA256

c549149ef86a57d73577e529d0cb5cd393faa8b65e9111a3fe67f30a3b7f4613
SHA512

28c4b08bc7048b18593853867a194922206a6ab7de09b764cafa7332a9424f755f8577fdb7ded212e251196431d9af97f0fc7b12ff5b43481f74a8b0b850e3b6
SSDEEP

12288:4PWG9t5ZdwKHYPQBJMv+feou/Rw8hR3r4:4r97/wK+QBegOqm8

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  NEAS.c9b6139fcd48305d6b56376afde97690.exe
- Size
  
  411KB
- MD5
  
  c9b6139fcd48305d6b56376afde97690
- SHA1
  
  eb28c78f6ed3b21548504f910cd91f7663bb8620
- SHA256
  
  c549149ef86a57d73577e529d0cb5cd393faa8b65e9111a3fe67f30a3b7f4613
- SHA512
  
  28c4b08bc7048b18593853867a194922206a6ab7de09b764cafa7332a9424f755f8577fdb7ded212e251196431d9af97f0fc7b12ff5b43481f74a8b0b850e3b6
- SSDEEP
  
  12288:4PWG9t5ZdwKHYPQBJMv+feou/Rw8hR3r4:4r97/wK+QBegOqm8
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2