12f8358458e4acc01efd7a5c73e69c269eca0ffe6fb08d547c454249e6a0b4bf | Triage

Sharing

General

Target

544148eda133f8eccd20027db35ad155
Size

512KB
Sample

231226-e4v63adham
MD5

544148eda133f8eccd20027db35ad155
SHA1

c29cd4a88e4a2ae5722f74041abd06b2d4f25192
SHA256

12f8358458e4acc01efd7a5c73e69c269eca0ffe6fb08d547c454249e6a0b4bf
SHA512

3b95f4ccd520b0c874aa751706b3c7f9b112e5c82e50feeba6b46668aa22830eea4148481a9de72f0883ccc7c86b9dc0a1514a03b6bda1cc1a0a9782f36a08a7
SSDEEP

12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4c:0+h9OY70z+warul3E4c

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  544148eda133f8eccd20027db35ad155
- Size
  
  512KB
- MD5
  
  544148eda133f8eccd20027db35ad155
- SHA1
  
  c29cd4a88e4a2ae5722f74041abd06b2d4f25192
- SHA256
  
  12f8358458e4acc01efd7a5c73e69c269eca0ffe6fb08d547c454249e6a0b4bf
- SHA512
  
  3b95f4ccd520b0c874aa751706b3c7f9b112e5c82e50feeba6b46668aa22830eea4148481a9de72f0883ccc7c86b9dc0a1514a03b6bda1cc1a0a9782f36a08a7
- SSDEEP
  
  12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4c:0+h9OY70z+warul3E4c
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2