0319b275cc298c8bede58d2081c1e87005ba1a5a33db2f5384c3d4e16d35e938 | Triage

Sharing

General

Target

0319b275cc298c8bede58d2081c1e87005ba1a5a33db2f5384c3d4e16d35e938
Size

499KB
Sample

240309-w77gyafe3w
MD5

50e6b7eb40e92c0353379a8c184ef9e1
SHA1

1707314fcf2de34235a883b992377dcb8357af65
SHA256

0319b275cc298c8bede58d2081c1e87005ba1a5a33db2f5384c3d4e16d35e938
SHA512

7c5b1baa537c61301a40d6cd83def52cb0b57da3bc3e8b353b558b2a518025735098a8f8ef6f22a007a4c80f7c3103c205784955a7485f58bd28b1dc7fdeda5a
SSDEEP

12288:6bEqkIX9IoqwhJmWYUXBDcLP7jGKk1XKdsKFWn:6bRk++whzBIP7jCJn

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  0319b275cc298c8bede58d2081c1e87005ba1a5a33db2f5384c3d4e16d35e938
- Size
  
  499KB
- MD5
  
  50e6b7eb40e92c0353379a8c184ef9e1
- SHA1
  
  1707314fcf2de34235a883b992377dcb8357af65
- SHA256
  
  0319b275cc298c8bede58d2081c1e87005ba1a5a33db2f5384c3d4e16d35e938
- SHA512
  
  7c5b1baa537c61301a40d6cd83def52cb0b57da3bc3e8b353b558b2a518025735098a8f8ef6f22a007a4c80f7c3103c205784955a7485f58bd28b1dc7fdeda5a
- SSDEEP
  
  12288:6bEqkIX9IoqwhJmWYUXBDcLP7jGKk1XKdsKFWn:6bRk++whzBIP7jCJn
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2