e65ba9322f800de3e00caceec5f82af59a659cd0d7d64eb4bec5da0ee545cdb6 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

694faa2866...a8.exe

windows7-x64

9

694faa2866...a8.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

14109107612.zip
Size

7.8MB
Sample

240109-ck2hmabegr
MD5

2d6028fb17c6e3824bdd9b7cfb578b80
SHA1

f83b928499054344f0ac8cff1749274596c17b40
SHA256

e65ba9322f800de3e00caceec5f82af59a659cd0d7d64eb4bec5da0ee545cdb6
SHA512

aa512ef35779c89622d5f3b938cb984a6c8c93df341fa11b3b2fa9667c002ede9489fe1965c49a18fd1be0083532409dbaa4f67bb9d26b3f54366f04060de947
SSDEEP

196608:0lzTSrY0dqh+l5OUol1/g9vzvTZ/S+6od98MuhnAGBq4hsAIm4rg2v:WTSx1v+x4vzbZ/Su8MuuSvIRrFv

Score

9^/10

evasion

Static task

static1

Behavioral task

behavioral1

Sample

694faa28668a3325821aa25aa67ed37b5d320b41781f807b4ec9bcd675d607a8.exe

Resource

win7-20231215-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

694faa28668a3325821aa25aa67ed37b5d320b41781f807b4ec9bcd675d607a8.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  694faa28668a3325821aa25aa67ed37b5d320b41781f807b4ec9bcd675d607a8
- Size
  
  10.9MB
- MD5
  
  93291ec290b98858c2c6d2e9d360b277
- SHA1
  
  c31d52d232fa01507b9ce973c3c6603b6084a707
- SHA256
  
  694faa28668a3325821aa25aa67ed37b5d320b41781f807b4ec9bcd675d607a8
- SHA512
  
  78265580f7c2a0241a9d0a537ef16eebfb1fa11ea59b89f2476b2422a4baf0af7cab9a9ede6109f8f963104b47c15b40656f85136d5c66a2883f94d834656389
- SSDEEP
  
  49152:6nZQEWHqvKD2ij5MbU8B+GI66G9AcgmOohDdyfif1yfGV3GPxXSDM98BRUKo6uDx:86je1muOvoTE
Score

9^/10

evasion
- Enumerates VirtualBox DLL files
- Looks for VirtualBox drivers on disk
  evasion
- Looks for VirtualBox executables on disk
- Looks for VMWare drivers on disk
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

File and Directory Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy