Fads_Gercekler.exe

General
Target: Fads_Gercekler.exe
Size: 2MB
Sample: 210504-s3fd7d2h1s
Score: 10/10
MD5: e0fcc6006b8db87d96c047775ca5c598
SHA1: 9429e298482ea5d8f2802353a4b97544e7bc0949
SHA256: 7b187ffdf087fa28e04f239ba10f031bcc73518f4126e75ead32145ad83f51fd
SHA512: 20651b60b623daddda4d2b5a2f33971121d85a0c0e57357d65c29a00b931003ed72f1a669d3671d2088cb689bc69ac243dcf47ab906d11206c90d549f01a2ee0

Signatures

  • Modifies Windows Defender Real-time Protection settings
    TTPs: Modify Registry, Modify Existing Service, Disabling Security Tools
  • Turns off Windows Defender SpyNet reporting
    TTPs: Disabling Security Tools, Modify Registry
  • UAC bypass
    TTPs: Bypass User Account Control, Disabling Security Tools, Modify Registry
  • Windows security bypass
    TTPs: Disabling Security Tools, Modify Registry
  • Looks for VirtualBox Guest Additions in registry
    TTPs: Query Registry, Virtualization/Sandbox Evasion
  • Nirsoft
  • Executes dropped EXE
  • Looks for VMWare Tools registry key
    TTPs: Query Registry, Virtualization/Sandbox Evasion
  • Checks BIOS information in registry
    Description: BIOS information is often read in order to detect sandboxing environments.
    TTPs: Query Registry, System Information Discovery
  • Drops startup file
  • Loads dropped DLL
  • Windows security modification
    TTPs: Disabling Security Tools, Modify Registry
  • Checks whether UAC is enabled
    TTPs: System Information Discovery
  • Maps connected drives based on registry
    Description: Disk information is often read in order to detect sandboxing environments.
    TTPs: Query Registry, Peripheral Device Discovery, System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Tactics: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks
  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10