c32fd7c62aab99cc4728af00fc88314eb353e8ed927b25518a8cf8aae6ee294d | Triage

Sharing

General

Target

c32fd7c62aab99cc4728af00fc88314eb353e8ed927b25518a8cf8aae6ee294d
Size

1.2MB
Sample

220520-3vvqyacdgr
MD5

31c3cb3c4bc98a2df80a310478d22bff
SHA1

c622ccdf8eef6119cbc334449244ad5197a1a4f1
SHA256

c32fd7c62aab99cc4728af00fc88314eb353e8ed927b25518a8cf8aae6ee294d
SHA512

59f2e28a5ec52fa26dde41b57c061035d788cefbcb39e8a5659be322e55603d3369de68d3cd5448b11064ca428ddfb5e7cdadf51ad8d7be765bd153bc325d032

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  SHIPING_.EXE
- Size
  
  324KB
- MD5
  
  ba845238a18fce703027ff6ead54d39d
- SHA1
  
  b4330999fa833f70c8043d356141619a12888833
- SHA256
  
  76fd32c94282886e069385963dae1a78eaaac41d2f124d7311476a344ebd8e49
- SHA512
  
  b35fc1dac8c036f530ce427fee622e36a224ebf7be2f861a16ac21fd6a57678410487374c783d47e5602dba03f59b771a1afeff143dfaf39dcc0231c2050af9a
Score

9^/10

evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2