055e54b1b9c3beb522bdc8e06889208de3b5e0a4b49e1b03857ca9edfe135402 | Triage

Sharing

General

Target

055e54b1b9c3beb522bdc8e06889208de3b5e0a4b49e1b03857ca9edfe135402
Size

410KB
Sample

240310-xqdzqsac63
MD5

dd0b61d2fd38ad24d6d8ff9e711b54c3
SHA1

1f5953e4206e79d93f73663a769a386978713073
SHA256

055e54b1b9c3beb522bdc8e06889208de3b5e0a4b49e1b03857ca9edfe135402
SHA512

729b79d031d029856dbeef2f2db2b0c8376fbca4c98495534ce059f2c2552e424623588292e56d3ac49313599236a97934cf2d94ab39aad61f315b22ee7f45bc
SSDEEP

12288:TANnXCSMhREvGllZwrqY4OMGWvzLv0v/EJDqb:TAlyfN6tMGWvzLesJub

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  055e54b1b9c3beb522bdc8e06889208de3b5e0a4b49e1b03857ca9edfe135402
- Size
  
  410KB
- MD5
  
  dd0b61d2fd38ad24d6d8ff9e711b54c3
- SHA1
  
  1f5953e4206e79d93f73663a769a386978713073
- SHA256
  
  055e54b1b9c3beb522bdc8e06889208de3b5e0a4b49e1b03857ca9edfe135402
- SHA512
  
  729b79d031d029856dbeef2f2db2b0c8376fbca4c98495534ce059f2c2552e424623588292e56d3ac49313599236a97934cf2d94ab39aad61f315b22ee7f45bc
- SSDEEP
  
  12288:TANnXCSMhREvGllZwrqY4OMGWvzLv0v/EJDqb:TAlyfN6tMGWvzLesJub
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2