dca68095317df735cbaac8724a3d4af4aa504d1b58e30699388b67ec44a0e5b8

General
Target

dca68095317df735cbaac8724a3d4af4aa504d1b58e30699388b67ec44a0e5b8

Size

3MB

Sample

220120-j8as5shaal

Score

9/10
MD5

a997db4429053e504cd9d4afaab825cd

SHA1

c0f15b9aaf8876619b9dbe08e429a024d646b867

SHA256

dca68095317df735cbaac8724a3d4af4aa504d1b58e30699388b67ec44a0e5b8

SHA512

84bf29ec7b74577c801507d2f08de15b64d3940650067f12a9433924305fa4741593e08b91cb75100c39590f769a9c63b7c3d14faaf9c8d675de35b1a7636117

Malware Config
Targets
Target

dca68095317df735cbaac8724a3d4af4aa504d1b58e30699388b67ec44a0e5b8


Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    TTPs

    Query Registry, Virtualization/Sandbox Evasion
  • Executes dropped EXE

  • Sets service image path in registry

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry
  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry, System Information Discovery
  • Drops startup file

  • Themida packer

    Description

    Detects Themida, a commercial Windows software protector that packs and obfuscates executables to hinder static analysis and debugging.

  • Checks whether UAC is enabled

    TTPs

    System Information Discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger

    Description

    Calls NtSetInformationThread with the ThreadHideFromDebugger (0x11) information class, which stops the calling thread from delivering events to an attached debugger; a common anti-debugging technique.
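
The signatures above are behavioural rules that a sandbox evaluates over the sample's API and registry trace. As an added example, not the sandbox's own signature code and not taken from this report, the Python below encodes the six dynamic checks (VirtualBox ACPI keys, BIOS values, the UAC EnableLUA value, a service ImagePath write, ThreadHideFromDebugger, and execution of a file the sample itself wrote) as rules over a constructed trace. The tab-separated `api<TAB>detail` event format, the service name `upd` and the file paths are assumptions for illustration; the registry locations are the standard ones Windows and VirtualBox expose. The two static signatures (Themida packer, dropped startup file) are not modelled.

```python
import re
from typing import Dict, List, Set

# Constructed sandbox trace (illustrative, not real sandbox output): one
# "<api>\t<detail>" event per line, in the order the sample issued them.
SAMPLE_TRACE = """\
RegOpenKey\tHKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
RegQueryValue\tHKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
RegQueryValue\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
WriteFile\tC:\\Users\\Admin\\AppData\\Local\\Temp\\upd.exe
RegSetValue\tHKLM\\SYSTEM\\CurrentControlSet\\Services\\upd\\ImagePath
NtSetInformationThread\tThreadInformationClass=0x11
CreateProcess\tC:\\Users\\Admin\\AppData\\Local\\Temp\\upd.exe
"""

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value passed to NtSetInformationThread


def _thread_info_class(detail: str):
    """Parse the ThreadInformationClass argument out of an event detail string."""
    m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", detail)
    return int(m.group(1), 0) if m else None


# (signature name, MITRE technique names as the report lists them, predicate).
# A predicate sees the API name, its detail string and the set of files the
# sample has written so far (lower-cased), so "dropped" can be correlated.
RULES: List[tuple] = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     ["Query Registry", "Virtualization/Sandbox Evasion"],
     lambda api, d, _: api in ("RegOpenKey", "RegQueryValue")
         and re.search(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", d, re.I)),
    ("Checks BIOS information in registry",
     ["Query Registry", "System Information Discovery"],
     lambda api, d, _: api == "RegQueryValue"
         and re.search(r"\\HARDWARE\\DESCRIPTION\\System\\(BIOS\\|\w*Bios)", d, re.I)),
    ("Checks whether UAC is enabled",
     ["System Information Discovery"],
     lambda api, d, _: api == "RegQueryValue"
         and re.search(r"\\Policies\\System\\EnableLUA$", d, re.I)),
    ("Sets service image path in registry",
     ["Registry Run Keys / Startup Folder", "Modify Registry"],
     lambda api, d, _: api == "RegSetValue"
         and re.search(r"\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", d, re.I)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     [],  # the report lists no TTP for this signature
     lambda api, d, _: api == "NtSetInformationThread"
         and _thread_info_class(d) == THREAD_HIDE_FROM_DEBUGGER),
    ("Executes dropped EXE",
     [],  # the report lists no TTP for this signature
     lambda api, d, dropped: api == "CreateProcess" and d.lower() in dropped),
]


def scan(trace: str) -> Dict[str, List[str]]:
    """Run every rule over the trace; return {signature name: [TTP, ...]} for those that fired."""
    dropped: Set[str] = set()
    hits: Dict[str, List[str]] = {}
    for line in trace.splitlines():
        if not line.strip():
            continue
        api, _, detail = line.partition("\t")
        if api == "WriteFile":  # remember what the sample writes to disk
            dropped.add(detail.lower())
        for name, ttps, pred in RULES:
            if name not in hits and pred(api, detail, dropped):
                hits[name] = ttps
    return hits


if __name__ == "__main__":
    for name, ttps in scan(SAMPLE_TRACE).items():
        print(f"{name}: {', '.join(ttps) or '(no TTP listed)'}")
```

The "Executes dropped EXE" rule is the only stateful one: it fires only when a CreateProcess path was earlier the target of a WriteFile by the same sample, which is what distinguishes a dropped payload from the sample merely launching an existing binary.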

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1 (score 7/10)