Overview

overview

9

Static

static

SecuriteIn...35.exe

windows7_x64

9

SecuriteIn...35.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Variant.Razy.463744.1299.18235

  • Size

    2.6MB

  • Sample

    201109-tanx51twte

  • MD5

    9f1331b4968f26255e5331cb003ff25d

  • SHA1

    457e69a75a56bc9dfd414ea7aa52b732396a463d

  • SHA256

    fdf5f9635c047cde3c096139490f3462d03434986b1450ca5f01be74e1f5b559

  • SHA512

    34a8d5fa280cef867eaef5a1b6f5df4e477476ed046ef105fee42a43e15d395576072aa148ffd31805451849ca3e309316caf145a641745c25bdab2591824267

Score
9/10
evasiontrojan

Malware Config

Targets

    • Target

      SecuriteInfo.com.Variant.Razy.463744.1299.18235

    • Size

      2.6MB

    • MD5

      9f1331b4968f26255e5331cb003ff25d

    • SHA1

      457e69a75a56bc9dfd414ea7aa52b732396a463d

    • SHA256

      fdf5f9635c047cde3c096139490f3462d03434986b1450ca5f01be74e1f5b559

    • SHA512

      34a8d5fa280cef867eaef5a1b6f5df4e477476ed046ef105fee42a43e15d395576072aa148ffd31805451849ca3e309316caf145a641745c25bdab2591824267

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks