Overview

overview

9

Static

static

oblot.dll

windows7_x64

9

oblot.dll

windows10-2004_x64

9

Resubmissions

12-05-2022 21:09

220512-zzeczaabg4 9

10-05-2022 12:16

220510-pfl9csbefm 10

09-05-2022 23:26

220509-3e4nxaedh7 10

Analysis

  • max time kernel
    43s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    12-05-2022 21:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    oblot.dll

  • Size

    1.3MB

  • MD5

    38ea4397f1c9dfe79e9accaebe7487ec

  • SHA1

    24614b49e47bbdc30263cc86cea8aceb2781f1ed

  • SHA256

    281a1cfaebf968012e9596721d14b1bd6429744617e73f96558cb68bcc0db8f8

  • SHA512

    3b8d8deb404a52cb43306c8b3275f61efd8092202cf5ac5d86c342664b1673080abb3689f77b5bcc94b88ca10f238eb2dba67161619588e443ca6e04e261399b

Score
9/10
evasion

Malware Config

Signatures

  • Enumerates VirtualBox registry keys 2 TTPs
    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
    evasion
  • Looks for VirtualBox Guest Additions in registry 2 TTPs
    evasion
  • Checks BIOS information in registry 2 TTPs 3 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Suspicious behavior: EnumeratesProcesses 41 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\oblot.dll,#1
    1⤵
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious behavior: EnumeratesProcesses
    PID:1664

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads