d6fb73252e37f4b2e507e97ddd633c789f7f947ee48b1e564330f4c1529eefb5 | Triage

Sharing

General

Target

Inv.276.exe
Size

564KB
Sample

200713-nkbrldw7fs
MD5

d26aaf27b2cc642cb344d44a92c7ff42
SHA1

c91b1fd22f2626262ebe16ca4116c34cb1f22aed
SHA256

d6fb73252e37f4b2e507e97ddd633c789f7f947ee48b1e564330f4c1529eefb5
SHA512

3ff2d9807ab78ead700880b1582e079c9020d2b92aa1d60662435acdd5d16acb61eb1316acbbeb536448311d5f19c47060a422bed4226ceef497201d09a1db70

Score

9^/10

Malware Config

Targets

- Target
  
  Inv.276.exe
- Size
  
  564KB
- MD5
  
  d26aaf27b2cc642cb344d44a92c7ff42
- SHA1
  
  c91b1fd22f2626262ebe16ca4116c34cb1f22aed
- SHA256
  
  d6fb73252e37f4b2e507e97ddd633c789f7f947ee48b1e564330f4c1529eefb5
- SHA512
  
  3ff2d9807ab78ead700880b1582e079c9020d2b92aa1d60662435acdd5d16acb61eb1316acbbeb536448311d5f19c47060a422bed4226ceef497201d09a1db70
Score

9^/10
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2