48a02cad33e580c75623f1e5b7f31abd174cde98be1381d002e7c2ce53ea2e77 | Triage

Sharing

General

Target

sddssdds.exe
Size

1.9MB
Sample

200714-vwl6m2mhpa
MD5

90885f67315b5161abc99a32af0502b8
SHA1

75fb52283242351d76cd593235141030a6bec495
SHA256

48a02cad33e580c75623f1e5b7f31abd174cde98be1381d002e7c2ce53ea2e77
SHA512

777a6101fdafd8702acb65a9609e723c5119a96967d6e943c86b76480c5e142bedf1b9e5a1b48d2d1fec82fdffa2453f0f142068923ff97213cefbbcb9dc8187

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  sddssdds.exe
- Size
  
  1.9MB
- MD5
  
  90885f67315b5161abc99a32af0502b8
- SHA1
  
  75fb52283242351d76cd593235141030a6bec495
- SHA256
  
  48a02cad33e580c75623f1e5b7f31abd174cde98be1381d002e7c2ce53ea2e77
- SHA512
  
  777a6101fdafd8702acb65a9609e723c5119a96967d6e943c86b76480c5e142bedf1b9e5a1b48d2d1fec82fdffa2453f0f142068923ff97213cefbbcb9dc8187
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2