Overview

overview

9

Static

static

falsh update!.exe

windows7_x64

9

falsh update!.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    falsh update!.exe

  • Size

    1.3MB

  • Sample

    210909-p6cslsgbf7

  • MD5

    8562340b6ba907f77a6beb7b3a297fd5

  • SHA1

    85119ad0ed933e64039071365b93bfd3d76d24fe

  • SHA256

    e51fac7b628d87ce19590c1915ecf3ab3d678fd1ccdf2b94ff80991bf1f9718c

  • SHA512

    4c576bf81ea7ec78732750d04b536f39962cb72a3d178e220978ca9c9075ec6a370cba6882d2aacd2013951f49ca4360b13397bc7a280f2c9be5e6019a8e251a

Score
9/10
evasion

Malware Config

Targets

    • Target

      falsh update!.exe

    • Size

      1.3MB

    • MD5

      8562340b6ba907f77a6beb7b3a297fd5

    • SHA1

      85119ad0ed933e64039071365b93bfd3d76d24fe

    • SHA256

      e51fac7b628d87ce19590c1915ecf3ab3d678fd1ccdf2b94ff80991bf1f9718c

    • SHA512

      4c576bf81ea7ec78732750d04b536f39962cb72a3d178e220978ca9c9075ec6a370cba6882d2aacd2013951f49ca4360b13397bc7a280f2c9be5e6019a8e251a

    Score
    9/10
    evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks