General
Target: dca68095317df735cbaac8724a3d4af4aa504d1b58e30699388b67ec44a0e5b8
Size: 3MB
Sample: 220120-j8as5shaal
MD5: a997db4429053e504cd9d4afaab825cd
SHA1: c0f15b9aaf8876619b9dbe08e429a024d646b867
SHA256: dca68095317df735cbaac8724a3d4af4aa504d1b58e30699388b67ec44a0e5b8
SHA512: 84bf29ec7b74577c801507d2f08de15b64d3940650067f12a9433924305fa4741593e08b91cb75100c39590f769a9c63b7c3d14faaf9c8d675de35b1a7636117
Static task: static1
Behavioral task: behavioral1
Sample: dca68095317df735cbaac8724a3d4af4aa504d1b58e30699388b67ec44a0e5b8.exe
Resource: win10v2004-en-20220112
Malware Config
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Sets service image path in registry
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Drops startup file
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence: Registry Run Keys / Startup Folder (1)
Privilege Escalation