b16313623225240e8d7e449c11d808f59807a3cce123b65aee197e5cc38a2a60 | Triage

Sharing

General

Target

IMG-654-611-44.JPEG.zip.scr
Size

816KB
Sample

200714-ltn5vfpmsn
MD5

83548d974ace23e31217eba1d0888fcb
SHA1

8b44b85cd1f009bca7da3f98cbac92fd5e601131
SHA256

b16313623225240e8d7e449c11d808f59807a3cce123b65aee197e5cc38a2a60
SHA512

6ad31152e5b0956254c0f4dfdacd54d5dcceda5628b820b61ffe1c6824c538b38b7899fe95d7c07426c180798cfbd1ceb7e996efda2d1e55bbdfb9de7bf0bf95

Score

9^/10

Malware Config

Targets

- Target
  
  IMG-654-611-44.JPEG.zip.scr
- Size
  
  816KB
- MD5
  
  83548d974ace23e31217eba1d0888fcb
- SHA1
  
  8b44b85cd1f009bca7da3f98cbac92fd5e601131
- SHA256
  
  b16313623225240e8d7e449c11d808f59807a3cce123b65aee197e5cc38a2a60
- SHA512
  
  6ad31152e5b0956254c0f4dfdacd54d5dcceda5628b820b61ffe1c6824c538b38b7899fe95d7c07426c180798cfbd1ceb7e996efda2d1e55bbdfb9de7bf0bf95
Score

9^/10
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2