dotEXE1.exe

General

Target: dotEXE1.exe
Size: 5MB
Sample: 201125-vc26g49gha
Score: 9/10
MD5: d8e3e53d1eb7b3cc029ccd1b4af18aaa
SHA1: 3e3057d6e140a8c7b29929b3982f3f27692635f6
SHA256: 9811501a32c5d39dfccc30ada4c5538602a53b94d19ba0d6323c830f8234d27c
SHA512: 5f55b1a3de85d5d298ce2fe8915b0bc9918f3f0f9758180028dd89ac0b3913a369530eb8e520cffb35eebb46db583325f65a4d070751b7fd4b8022e9b697e667
Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    TTPs: Query Registry, Virtualization/Sandbox Evasion
  • Executes dropped EXE
  • Checks BIOS information in registry
    Description: BIOS information is often read in order to detect sandboxing environments.
    TTPs: Query Registry, System Information Discovery
  • Loads dropped DLL
  • Checks whether UAC is enabled
    TTPs: System Information Discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix
  Columns (only the column headers survived extraction): Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
  static1
  behavioral1: 1/10
  behavioral2: 9/10
  behavioral3: 9/10