General
Target: 607ffeb1ad2f9c06cd2ad02c.zip
Size: 10.5MB
Sample: 210421-rsd1nhbncx
MD5: 05ebe6b7c2a76bfb2998050a97c5d868
SHA1: 2c0328abdd43bdfd6e84e2ebef91639f1fff1ea8
SHA256: e253b236af6d45f687424ca1d9354320aae579fbd539b89a85c807e3b52f4574
SHA512: 5a91ee4b00e9b5b9666d96e72bc9fea95c8e086d49eecc44b7374d7fe661553e9b11227ea34c26b1414867d39ac269cb9a48536cbdedf1a140f83b51691c8608
Static task: static1
Behavioral task: behavioral1
  Sample: START_ME.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: START_ME.exe
  Resource: win10v20210410
Behavioral task: behavioral3
  Sample: assets/simulation.exe
  Resource: win7v20210408
Malware Config
Extracted
https://marlasinger.tylerdurdenceketi.com/vault/mitre/T1003/Invoke-Mimikatz.ps1
Targets

Target: START_ME.exe
Size: 981KB
MD5: fbd344cb2db910d8d109b5b63ae11757
SHA1: 0a04c5925db22547ee3f638e036366e475d8be99
SHA256: 41b987215931740b614e90ba63c4f663d05eda3b8cc22fbb0e7cc7b55f4beec4
SHA512: e5b91ce7f680b7d27d736482454aa288c65f02c7761a6123846df856488231486acaec1644ec74cde4fad4db4d10a0cbeeb234885a4ab2ca73c7d674219e77b3
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox stamps its OEM ID "VBOX__" into the guest's ACPI tables, which Windows exposes under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT; opening those keys is a common virtual-machine check.
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops debug events from the calling thread reaching an attached debugger, a common anti-debugging step.
Target: assets/simulation.exe
Size: 10.1MB
MD5: 60d094b6b04349b0a859f639e1dcf232
SHA1: 6322bc20bb9bba9678153852e74fb60ab433a90b
SHA256: e32867afbaf5ea286ea07dba6bc6eb1bce738865e7091361416394a9f69d0799
SHA512: 061a7a1ec113a536843747aea03fe2ce2a373960b9b8f712b57acbc5b475b9a22ff8272ea945fc6eab1a4e9575f3376a6bba78d2b527f0372f681b8499ed9da3
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
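The five signatures above are behavioral rules evaluated over the sandbox's API trace. The following is an added example, not the sandbox's own engine or any code from the sample: a minimal evaluator that fires each of the report's signatures on a constructed trace. The registry paths, the ThreadHideFromDebugger information class and the process blocklist are the values commonly used for these checks; the dropped-DLL path and the assumption that powershell.exe fetched the extracted Invoke-Mimikatz.ps1 URL are illustrative, not facts taken from this analysis.

```python
"""Minimal sandbox-signature evaluator (added example, not the report's code).

The event trace is constructed to make each of the report's five behavioral
signatures fire once; a benign trace shows that none of them fire on ordinary
registry and DLL activity.
"""
from dataclasses import dataclass

# VirtualBox exposes its "VBOX__" OEM ID through these ACPI table keys.
VBOX_ACPI_KEYS = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
}
# Firmware strings (SystemBiosVersion, VideoBiosVersion, ...) used to fingerprint the host.
BIOS_KEYS = {
    r"HKLM\HARDWARE\DESCRIPTION\System",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",
}
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value passed to NtSetInformationThread
# Assumed blocklist: script hosts and LOLBins whose outbound traffic a sandbox flags.
BLOCKLISTED_PROCESSES = {"powershell.exe", "cmd.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}
REGISTRY_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}
NETWORK_APIS = {"InternetOpenUrlW", "WinHttpOpenRequest", "connect"}


@dataclass
class Event:
    pid: int
    process: str
    api: str
    args: dict


def evaluate(events):
    """Return the sorted list of signature names that fire on the trace."""
    hits = set()
    dropped = set()  # files the sample itself wrote, tracked to catch "Loads dropped DLL"
    for e in events:
        if e.api == "NtWriteFile" and e.args.get("path"):
            dropped.add(e.args["path"].lower())
        if e.api in REGISTRY_APIS:
            key = e.args.get("key", "")
            if key in VBOX_ACPI_KEYS:
                hits.add("Identifies VirtualBox via ACPI registry values (likely anti-VM)")
            if key in BIOS_KEYS:
                hits.add("Checks BIOS information in registry")
        if e.api == "NtSetInformationThread" and e.args.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
            hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
        if e.api == "LdrLoadDll" and e.args.get("path", "").lower() in dropped:
            hits.add("Loads dropped DLL")
        if e.api in NETWORK_APIS and e.process.lower() in BLOCKLISTED_PROCESSES:
            hits.add("Blocklisted process makes network request")
    return sorted(hits)


# Constructed API trace (not the sandbox's real log). The DLL path is hypothetical and
# the choice of powershell.exe as the process fetching the extracted URL is an assumption.
SAMPLE_TRACE = [
    Event(1001, "START_ME.exe", "RegOpenKeyExW", {"key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"}),
    Event(1001, "START_ME.exe", "RegQueryValueExW",
          {"key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"}),
    Event(1001, "START_ME.exe", "NtSetInformationThread", {"info_class": 0x11}),
    Event(1001, "START_ME.exe", "NtWriteFile", {"path": r"C:\Users\Public\assets\helper.dll"}),
    Event(1001, "START_ME.exe", "LdrLoadDll", {"path": r"C:\Users\Public\assets\helper.dll"}),
    Event(1002, "powershell.exe", "InternetOpenUrlW",
          {"url": "https://marlasinger.tylerdurdenceketi.com/vault/mitre/T1003/Invoke-Mimikatz.ps1"}),
]

# Constructed benign trace: ordinary registry reads and a system DLL load, nothing dropped.
BENIGN_TRACE = [
    Event(2001, "notepad.exe", "RegOpenKeyExW", {"key": r"HKCU\Software\Microsoft\Notepad"}),
    Event(2001, "notepad.exe", "LdrLoadDll", {"path": r"C:\Windows\System32\comctl32.dll"}),
]

if __name__ == "__main__":
    for name in evaluate(SAMPLE_TRACE):
        print("HIT:", name)
    print("benign hits:", evaluate(BENIGN_TRACE))
```

The dropped-DLL rule only fires when the load follows a write by the sample itself, which is what separates "Loads dropped DLL" from every ordinary LoadLibrary call; the network rule keys on the process name rather than the URL, so it fires regardless of what was fetched.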