General

  • Target

    e8dfed8e5cf7d8f65690d21b1b1db8df7e2ca855e1b3cb963392c6e112a4d0e2

  • Size

    2.1MB

  • Sample

    210513-4e4gsye53a

  • MD5

    cafe69a59c0c3c646ea7f114180d4d8b

  • SHA1

    70961e60e1e279bd2882c4693ca7de7c9c96981b

  • SHA256

    e8dfed8e5cf7d8f65690d21b1b1db8df7e2ca855e1b3cb963392c6e112a4d0e2

  • SHA512

    40eda1da28f5fe0aa6bab25b6c6dcdca226a6dcd3385d9c8870b33c48f0398269643e887d6c1f390547fa97a31c817241c090da37830bcf67f6f44ceb2ea36d0

Score
10/10

Malware Config

Targets

    • Target

      e8dfed8e5cf7d8f65690d21b1b1db8df7e2ca855e1b3cb963392c6e112a4d0e2

    • Size

      2.1MB

    • MD5

      cafe69a59c0c3c646ea7f114180d4d8b

    • SHA1

      70961e60e1e279bd2882c4693ca7de7c9c96981b

    • SHA256

      e8dfed8e5cf7d8f65690d21b1b1db8df7e2ca855e1b3cb963392c6e112a4d0e2

    • SHA512

      40eda1da28f5fe0aa6bab25b6c6dcdca226a6dcd3385d9c8870b33c48f0398269643e887d6c1f390547fa97a31c817241c090da37830bcf67f6f44ceb2ea36d0

    Score
    10/10
    • Modifies visibility of file extensions in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11) detaches the calling thread from an attached debugger so it no longer receives debug events; this is a common anti-debugging technique.

MITRE ATT&CK Matrix (ATT&CK v6)

The number after each technique is the count of signatures above that map to it.

Persistence

    • Hidden Files and Directories (T1158): 1

Defense Evasion

    • Hidden Files and Directories (T1158): 1

    • Modify Registry (T1112): 2

    • Virtualization/Sandbox Evasion (T1497): 2

Discovery

    • Query Registry (T1012): 3

    • Virtualization/Sandbox Evasion (T1497): 2

    • System Information Discovery (T1082): 2
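The registry-based signatures listed above (VirtualBox ACPI tables, BIOS strings, the Wine key, the Explorer HideFileExt value) and the ATT&CK matrix that summarises them can be reproduced from a registry-access trace. The following is an added example, not code from the original report or from the sandbox vendor: it classifies constructed, Sysmon-style registry events against the well-known paths these checks probe and collects the ATT&CK v6 IDs they imply. The event format and the signature-to-technique mapping are assumptions for illustration; the NtSetInformationThread signature is API-based rather than registry-based and is not covered here.

```python
"""
Classify registry accesses against the anti-analysis signatures in this
report and collect the ATT&CK v6 technique IDs they imply.

Constructed example. The event lines and the "op|process|path|details"
format are made up for illustration; the registry paths are the ones
commonly probed by anti-VM / anti-sandbox code.
"""
import re
from collections import defaultdict

# (signature name, ATT&CK v6 IDs assumed for it, path pattern)
RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     ("T1497", "T1012"),
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     ("T1497", "T1012", "T1082"),
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$", re.I)),
    ("Identifies Wine through registry keys",
     ("T1497", "T1012"),
     re.compile(r"\\Software\\Wine(\\|$)", re.I)),
    ("Modifies visibility of file extensions in Explorer",
     ("T1158", "T1112"),
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
                r"\\Advanced\\HideFileExt$", re.I)),
]

# Substrings that BIOS version strings carry on common hypervisors; this is
# what the "checks BIOS information" behaviour is looking for.
VM_BIOS_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN")

# Constructed sample trace (not taken from the analysed sample).
SAMPLE_EVENTS = """\
QueryValue|sample.exe|HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion|
QueryValue|sample.exe|HKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion|
OpenKey|sample.exe|HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__|
OpenKey|sample.exe|HKCU\\Software\\Wine|
SetValue|sample.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt|DWORD (0x00000001)
QueryValue|explorer.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|
"""


def parse_event(line):
    """Split one 'op|process|path|details' line into a dict."""
    op, process, path, details = line.split("|", 3)
    return {"op": op, "process": process, "path": path, "details": details}


def match_rules(event):
    """Names of all rules whose path pattern matches this event's path."""
    return [name for name, _, pat in RULES if pat.search(event["path"])]


def bios_value_indicates_vm(value):
    """True if a BIOS version string contains a known hypervisor marker."""
    upper = value.upper()
    return any(marker in upper for marker in VM_BIOS_MARKERS)


def classify(log_text):
    """Return ({signature: [paths]}, {ATT&CK IDs}) for a whole trace."""
    hits = defaultdict(list)
    techniques = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        for name, ids, pat in RULES:
            if pat.search(event["path"]):
                hits[name].append(event["path"])
                techniques.update(ids)
    return dict(hits), techniques


if __name__ == "__main__":
    found, ids = classify(SAMPLE_EVENTS)
    for signature, paths in found.items():
        print(f"{signature}: {len(paths)} event(s)")
    print("ATT&CK v6:", ", ".join(sorted(ids)))
```

The benign explorer.exe read of the Run key matches nothing, which is the point of anchoring patterns on the exact value names: a rule that merely looked for "BIOS" or "Explorer" in a path would fire on ordinary system activity.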

Tasks