67c5cab06eb864d30cfed863f142fc4d80e3e324b7b30d46e37e38451f306679 | Triage

Sharing

General

Target

PurchaseOrderPDF.exe
Size

622KB
Sample

210113-1n2y6m5x36
MD5

26bdf798d94b9a8cde3a7baf41c119c7
SHA1

54583e962e90d5af8ab1f5d2dd43284dc5ee88c3
SHA256

67c5cab06eb864d30cfed863f142fc4d80e3e324b7b30d46e37e38451f306679
SHA512

13f9baad5e0b929757ab2baad1e8c599c4f8974899aceaa8852784558f3676458000b2de4ffc0e2e37393989a52084590c0cc586fea47a1f8e7d238bba2b0f6c

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  PurchaseOrderPDF.exe
- Size
  
  622KB
- MD5
  
  26bdf798d94b9a8cde3a7baf41c119c7
- SHA1
  
  54583e962e90d5af8ab1f5d2dd43284dc5ee88c3
- SHA256
  
  67c5cab06eb864d30cfed863f142fc4d80e3e324b7b30d46e37e38451f306679
- SHA512
  
  13f9baad5e0b929757ab2baad1e8c599c4f8974899aceaa8852784558f3676458000b2de4ffc0e2e37393989a52084590c0cc586fea47a1f8e7d238bba2b0f6c
Score

9^/10

evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2