General

  • Target: full Spec.exe
  • Size: 266KB
  • Sample: 200713-dm612q2b6s
  • MD5: a994061f01e40fcd5444758d8f8e9ea8
  • SHA1: dd4698b748cc9b2e51e473c8ed631de7b501eb04
  • SHA256: b5e24dadb37baef657518567251b23974da701cdef65afeb37500e3be3a8c4e6
  • SHA512: 62aba4e73896ed0eb16f4dd8de74c6e1c92a0599b0dc4466e2a48aee96b804dfb9b87ae3db9c7d21935772356937d68b22ebbce00ec169a1d39d0dc544d14225

Score: 9/10

Malware Config

Targets

    • Target: full Spec.exe

    Score: 9/10

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    Technique                       Count   ID
    Query Registry                  4       T1012
    System Information Discovery    5       T1082
    Peripheral Device Discovery     1       T1120
