254e859cf333e48c0b4fa877b0cd615022467520705cfb7625644936846e1830 | Triage

Sharing

General

Target

717294dcb97fdc6956961d959c5277cc
Size

552KB
Sample

240124-e3t8daagc2
MD5

717294dcb97fdc6956961d959c5277cc
SHA1

a804ec581e88031d058b589f6d943afcaa7f9dea
SHA256

254e859cf333e48c0b4fa877b0cd615022467520705cfb7625644936846e1830
SHA512

e3c84faee7a9879ba87688fea19b73615cc94348281d6b3978c430a072773e315dd2f885e87e7be67bbfc9588c3b97e87486cbb718ff14ddf6b5ab84e48c76e0
SSDEEP

12288:WXIuAEiJXh7v11VAp6zb8pigzZ+rh44m3PwVzugJ2rDcnTjAdU:WYuAEiJ511VAwzb8pigzZS0P6SgJ2DcP

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  717294dcb97fdc6956961d959c5277cc
- Size
  
  552KB
- MD5
  
  717294dcb97fdc6956961d959c5277cc
- SHA1
  
  a804ec581e88031d058b589f6d943afcaa7f9dea
- SHA256
  
  254e859cf333e48c0b4fa877b0cd615022467520705cfb7625644936846e1830
- SHA512
  
  e3c84faee7a9879ba87688fea19b73615cc94348281d6b3978c430a072773e315dd2f885e87e7be67bbfc9588c3b97e87486cbb718ff14ddf6b5ab84e48c76e0
- SSDEEP
  
  12288:WXIuAEiJXh7v11VAp6zb8pigzZ+rh44m3PwVzugJ2rDcnTjAdU:WYuAEiJ511VAwzb8pigzZS0P6SgJ2DcP
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2