1505d45bcc9b30ef7d23f0eae1d473730dc2467941f125b63d7453d3886db767 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

176cd7a571f2cf2a5daecd58bb8c52b6
Size

604KB
Sample

231225-mk4m4afhe8
MD5

176cd7a571f2cf2a5daecd58bb8c52b6
SHA1

ca635e4a3a36fb5cb265d0676059a3e7fe61074b
SHA256

1505d45bcc9b30ef7d23f0eae1d473730dc2467941f125b63d7453d3886db767
SHA512

69149574bacbc42108d5e1815dc19189ad0d05b5d4a30a2a68084a90765bb334cfe45fc399466e500d305a358a964b1b9d04670d1da0bb8a289cfaa2bcddae7b
SSDEEP

12288:lqmSXl3v5iqGWvSOEZIJo333nEHYdpSYzcHwYm0h/pBWGXAO6rwT2Os9eNvjAdB:lXSXl3v5fv38naHYqVSZO6rwds9cvjAb

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  176cd7a571f2cf2a5daecd58bb8c52b6
- Size
  
  604KB
- MD5
  
  176cd7a571f2cf2a5daecd58bb8c52b6
- SHA1
  
  ca635e4a3a36fb5cb265d0676059a3e7fe61074b
- SHA256
  
  1505d45bcc9b30ef7d23f0eae1d473730dc2467941f125b63d7453d3886db767
- SHA512
  
  69149574bacbc42108d5e1815dc19189ad0d05b5d4a30a2a68084a90765bb334cfe45fc399466e500d305a358a964b1b9d04670d1da0bb8a289cfaa2bcddae7b
- SSDEEP
  
  12288:lqmSXl3v5iqGWvSOEZIJo333nEHYdpSYzcHwYm0h/pBWGXAO6rwT2Os9eNvjAdB:lXSXl3v5fv38naHYqVSZO6rwds9cvjAb
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2