0642fefd742e933c988b5f7c5fb8ad51bfac3da60cfaa2ad917102223842ad75 | Triage

Sharing

General

Target

73d7a0dd46377cc9918cb0acea19fa69
Size

547KB
Sample

240125-f2zbdahegm
MD5

73d7a0dd46377cc9918cb0acea19fa69
SHA1

1689f97211d4a2c0315422af998ef6cc1746341d
SHA256

0642fefd742e933c988b5f7c5fb8ad51bfac3da60cfaa2ad917102223842ad75
SHA512

5361d02c1a71bb93aa3acd8caaac4eae0bea9aa3021a37e4664dfb66d12107cd7706aac932a07e537ace72253ee8242c2f638659e675912386ce169589d8f1a0
SSDEEP

12288:T5Dt4Xuc/zb5oKwpmE6GZPaTbaezxtw6a1i+BTjAd0:Tht4XuSwpmE6GZWJt5GLBTjA+

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  73d7a0dd46377cc9918cb0acea19fa69
- Size
  
  547KB
- MD5
  
  73d7a0dd46377cc9918cb0acea19fa69
- SHA1
  
  1689f97211d4a2c0315422af998ef6cc1746341d
- SHA256
  
  0642fefd742e933c988b5f7c5fb8ad51bfac3da60cfaa2ad917102223842ad75
- SHA512
  
  5361d02c1a71bb93aa3acd8caaac4eae0bea9aa3021a37e4664dfb66d12107cd7706aac932a07e537ace72253ee8242c2f638659e675912386ce169589d8f1a0
- SSDEEP
  
  12288:T5Dt4Xuc/zb5oKwpmE6GZPaTbaezxtw6a1i+BTjAd0:Tht4XuSwpmE6GZWJt5GLBTjA+
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2