General

  • Target

    PO.PAK220050019.exe

  • Size

    572KB

  • Sample

    200709-851618lewa

  • MD5

    28ee824cd3b33dbf89e42445185c94b8

  • SHA1

    805b78c882e54850e18b2a205a86e32019bc1e7f

  • SHA256

    3ca89270a1e4ae27056087ab556bdadd89ba1ab27b505afa53a812c5f2acabc8

  • SHA512

    2ba75b1cb687c00944e6ef08f32c9942c495647a811980933180f2f201bd16d1a1e19d17fe04c4d2055560d9db1450d365a82c470237a63002648cfceb6fc02f

Score
9/10

Malware Config

Targets

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks