205d8d1f507486f177b51f794200a3514ca6de7a01bf4294724a14a724e3cd60
9MB
220520-1cekwsghel
0ec29d2e49bae6f922b735be7259d3cc
0a806b4918388a56e877ca92559d15725df439f2
486507b682227fae304280c96a7f6f6ee6a08615cbcbac7754acfd5ee74eb24325ab1cfb8c010b9663cd108b882f78cff9b344515df01c6574e77ac01341be2c
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  Description: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Description: Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Identifies Wine through registry keys
  Description: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
  Description: Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger