General

  • Target

    rcffjegiiinnwpebfbgtp.exe

  • Size

    14.8MB

  • Sample

    220520-2hxt4afdc6

  • MD5

    4b56ac2187b958bdc5cd33e677d3d48a

  • SHA1

    8de5a8dbebbad452a9ff96f07e7970193e746386

  • SHA256

    c7cf2cb175bcc0e3a3a322987c6582e404756c8187424fdc0e9a315305a06870

  • SHA512

    c1f6b1a6704b8267a07a51ab168ffad4247641322e3eca43786683007725c6d81a609eb9c629b3fd847ab3664617713751e10a83b314e832f0a9a7b155f8dc24

Score
9/10

Malware Config

Targets

    • Looks for VirtualBox Guest Additions in registry

    • Downloads MZ/PE file

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops desktop.ini file(s)

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v6

Tasks