58f7b1dd28c24592a5cd71b47ac954378fe00b2c629c37361a27b7cfa04448e6 | Triage

Submit
Reports

Overview

overview

Static

static

VM_eFax Me...31.exe

windows7_x64

VM_eFax Me...31.exe

windows10_x64

Sharing

General

Target

e-Fax_Message_329800021831.zip
Size

15KB
Sample

210420-mf87qx7qbs
MD5

3a8e22a65673cd0a2a7f5157c2c465bb
SHA1

ebce4991512249f3a1fcd5146243228632ae538f
SHA256

58f7b1dd28c24592a5cd71b47ac954378fe00b2c629c37361a27b7cfa04448e6
SHA512

769365f8496b8a29e09e6bd37a2d91c8ad75ffce1445026df69731de296a70dc662d497a0063c8532c2dab5390826c259284d773433e52894ba592e202b8df9b

Score

10^/10

evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

VM_eFax Message_329800021831.exe

Resource

win7v20210410

evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

VM_eFax Message_329800021831.exe

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  VM_eFax Message_329800021831.exe
- Size
  
  32KB
- MD5
  
  ab4ea70d405371be8567723592d12074
- SHA1
  
  1d7c6d8480fe324e39565c183f821090b62e78c8
- SHA256
  
  c32ca87d5274abfdcd6447a5e5a8b8f94c347b6dbdef7794481687560f4897f9
- SHA512
  
  2106fdd5a800dc1e0f3052751dd81751dbaedc4504cd36ee24d724cf66e61b90f43fcf7a18809d7577f64ed6b03e5b4ed2c46a9150cffc9d976c13ebd32ba38f
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Looks for VirtualBox Guest Additions in registry
  evasion
- Nirsoft
- Executes dropped EXE
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Virtualization/Sandbox Evasion

Install Root Certificate

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy