General

Target: 501c9cdf21d2e7d3816efb23747686aec989b9f987281113aa5416bef627dbaf
Size: 3MB
Sample: 220520-e53yasaag8
Score: 9/10
MD5: 0ab333eb9f61e8df44f6acfffdfc98b2
SHA1: e9eb2e45d39223adb9c028db5fd1b56eb3c619fd
SHA256: 501c9cdf21d2e7d3816efb23747686aec989b9f987281113aa5416bef627dbaf
SHA512: 7ea0d62c5aa78a8e287603af09b896fb5c1042f80feabaeea6ed6639aee1ce5ab4cc47837fdb8aad906a3f6552be28cf2e899355188e5dbbcd0c6538134fc41a

Malware Config
Targets
Target: BlackDesert Online PAZ Browser.exe
MD5: 4a1c0fd0dea70de9898517ac5c37d766
Filesize: 1MB
Score: 9/10
SHA1: 38bea50aa5e4f0693bbebac4c12bbcb469b045b0
SHA256: e17f07f62bed84c388121ef63ecae48ac69834ae4cdff92b5f8871ed88f67c62
SHA512: a3632a5c15a0d5b84e28fc7e2f95a5b73e8f08037c1415682592eceaf9001aa971135cf534a4d039c9bd8854e0c08359ac300a27c429e592879367b7ae83c195

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    TTPs

    Query Registry (T1012); Virtualization/Sandbox Evasion (T1497)
  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry (T1012); System Information Discovery (T1082)
  • Identifies Wine through registry keys

    Description

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    TTPs

    Query Registry (T1012); Virtualization/Sandbox Evasion (T1497)
  • Checks whether UAC is enabled

    TTPs

    System Information Discovery (T1082)
  • Writes to the Master Boot Record (MBR)

    Description

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    TTPs

    Bootkit (T1542.003)
  • Suspicious use of NtSetInformationThreadHideFromDebugger

    Description

    Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.

Target: Libs/MahApps.Metro.dll
MD5: 2871fa8aeabf5fd88de5e6d03eaa60fa
Filesize: 780KB
Score: 1/10
SHA1: 1e40c0ae40a583f7ecfc7f2a4607c61475952309
SHA256: 977e2267b546ec825a4610a7e8fc4c09dce4e97888621cefd306bbd562f29066
SHA512: afdefca73b08e86663b311e5fba24a37f22195ec2a5ce09867e6a543bdb6667b58e1168b1ff981e7ff7ececa413f4791eff725fc350d351cbb646aae8ad9a5f1

Target: Libs/Microsoft.Threading.Tasks.Extensions.Desktop.dll
MD5: e548a93d16964e52868c47cef1c98f2e
Filesize: 46KB
Score: 1/10
SHA1: 4b96b0aa48f6ac050a764c7d65f4129a9bb8cf21
SHA256: f71621c47c610e0886846cf53d955fd0e7448951f99ecc22facd47493ef97a87
SHA512: fd1377b5d2d792eccf2ab9a01529838f178126fd6748da8e27cbc908ea83813fb4de021aa88989186459fef1c11be76aaf8b29b2291203d5f34f98361acf77ab

Target: Libs/Microsoft.Threading.Tasks.Extensions.dll
MD5: 6aa2393ff1fde1a61d0cf51730428f74
Filesize: 30KB
Score: 1/10
SHA1: 3c847a95a6547aa49919789d7a0cb6ed76122849
SHA256: 92f1d0d6ccfb0d030789f3c5c636fcdd08f6d0541a5a54f185e8ecd85592e3f9
SHA512: 1af984ec56885cdea9a0e379d659b65196713571377e2db267259dbc1f8748f1a610b0183a8fea3730f0049c3468f632240475730563c6413cbc88cc76032d91

Target: Libs/Microsoft.Threading.Tasks.dll
MD5: d01819bfe03222dfa9e35a36555b6b6c
Filesize: 36KB
Score: 1/10
SHA1: 25f8069590b14724f28e6a04b8a42e4ef4a8562d
SHA256: 5f29e16edff5379e93d5be9bee4cddf98132b84326027688511ac0f3157aaf94
SHA512: e63901f39315972e446768f2c14b4279cf1dd382f97ac90c444c4d858c2a486736a259c47245026b11e5c0846310e7da020bf2466ea91aa0a15d22cb67b37477

Target: Libs/System.IO.dll
MD5: 05aa69dfc063cd17312348bcb08a1f4f
Filesize: 20KB
Score: 1/10
SHA1: 9ac9b30c8a15ff8ca4357df532a3cf9fcf252f6a
SHA256: 66400c153c76b965c9156c31aa34453caef250056c5dd0888dac011d7a3f7f4a
SHA512: 1f43ee7a1fb085270b6cdb0aef28984b8e53532b8b2347fce8ea1910818b8b6104461670d3a86ca796fe0fa1a16c953aca7d29aa92fb1cd4a9c98712fb5d8000

Target: Libs/System.Runtime.dll
MD5: 7b864dd560373e17f38338dfdc299182
Filesize: 21KB
Score: 1/10
SHA1: 0ca4686635ac12ecbed9050e98117242b69fc004
SHA256: 0f1f595042419911eef073fcc6a7f3d1ff7cb360dde964db0ca0fa136264aeae
SHA512: dadbe37d03021865c709ede5ffd247c1f9f34cf912e578d3f75e829be9e30735c334b48507e0324b33dd619cdae1d07b74fd81f4c19d271983f7f1e90a340fb3

Target: Libs/System.Threading.Tasks.dll
MD5: 1183ca0085c8b22276342c342a4f2e02
Filesize: 33KB
Score: 1/10
SHA1: c6271bf1da0c0b2f729246856616a577dc84ca5a
SHA256: 718db47e2fa88d0dad322c6255a22fa2cb1b635a6c5be06c672572f1b0a6642f
SHA512: 2d8a6646d80d1343b1de11f54113b233d7c9fed13f70a7d515abafb31b1108801dfb32d418471f0772b42a9ed567c5cd80a32371142f3c5048861dceb42db3ac

Target: Libs/System.Windows.Interactivity.dll
MD5: 3ab57a33a6e3a1476695d5a6e856c06a
Filesize: 39KB
Score: 1/10
SHA1: dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7
SHA256: 4aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876
SHA512: 58dbfcf9199d72d370e2d98b8ef2713d74207a597c9494b0ecf5e4c7bf7cf60c5e85f4a92b2a1896dff63d9d5107f0d81d7dddbc7203e9e559ab7219eca0df92

Target: NativeDecompress.dll
MD5: 84b679ddb4975de2d2fc0e1a37042ac5
Filesize: 1MB
Score: 9/10
SHA1: 5e80e5df5514ce5603578c738a63210ef4c2f55e
SHA256: 64284f7cddd51086946191dbaaf1d23869b99ef47892f250682c2d568aa874f5
SHA512: 3c574ed06b7d798c1f92dad6019ee510b660fcb2267f91528cfcc94c96a003f55504d534aaea694baa87a21665c8c180e4e1ad5735041a779336f2996062ec2a

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    TTPs

    Query Registry (T1012); Virtualization/Sandbox Evasion (T1497)
  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry (T1012); System Information Discovery (T1082)
  • Identifies Wine through registry keys

    Description

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    TTPs

    Query Registry (T1012); Virtualization/Sandbox Evasion (T1497)
  • Checks whether UAC is enabled

    TTPs

    System Information Discovery (T1082)
  • Suspicious use of NtSetInformationThreadHideFromDebugger

    Description

    Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.
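The two signature lists on this report (for BlackDesert Online PAZ Browser.exe and for NativeDecompress.dll) name the behaviours but not the registry paths or API arguments a monitor would match on. The Python block below is an added example and not the sandbox's own rule set: it runs a small rule table over a constructed trace of API-monitor events shaped as (api name, argument) and reports which of the page's signatures each event would fire, together with the ATT&CK technique IDs. The registry paths are the artefacts these checks are commonly known to read (VirtualBox's VBOX__ ACPI tables, the SystemBiosVersion/VideoBiosVersion values, the Software\Wine key, EnableLUA); the event format, the raw-disk write rule keyed on \\.\PhysicalDrive0 at offset 0, and the sample trace itself are assumptions made for illustration.

```python
"""Rule table reproducing the signatures listed on this report.

Added example, not the sandbox's own detection code. The (api_name, argument)
event format and the MBR rule are assumptions made for illustration; the
registry paths are the artefacts these checks are commonly known to read.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str          # signature title as printed on the report
    ttps: tuple        # ATT&CK technique IDs and names
    api_pattern: str   # regex over the API name
    arg_pattern: str   # regex over the API argument (registry path, file, ...)


SIGNATURES = (
    Signature(
        "Identifies VirtualBox via ACPI registry values (likely anti-VM)",
        ("T1012 Query Registry", "T1497 Virtualization/Sandbox Evasion"),
        r"^Reg(OpenKey|QueryValue)",
        # VirtualBox exposes its ACPI tables under HKLM\HARDWARE\ACPI\*\VBOX__
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
    ),
    Signature(
        "Checks BIOS information in registry",
        ("T1012 Query Registry", "T1082 System Information Discovery"),
        r"^RegQueryValue",
        r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate|BIOS\\)",
    ),
    Signature(
        "Identifies Wine through registry keys",
        ("T1012 Query Registry", "T1497 Virtualization/Sandbox Evasion"),
        r"^Reg(OpenKey|QueryValue)",
        r"^HK(LM|CU)\\Software\\Wine",
    ),
    Signature(
        "Checks whether UAC is enabled",
        ("T1082 System Information Discovery",),
        r"^RegQueryValue",
        r"\\Policies\\System\\EnableLUA$",
    ),
    Signature(
        "Writes to the Master Boot Record (MBR)",
        ("T1542.003 Pre-OS Boot: Bootkit",),
        r"^(Nt)?WriteFile$",
        # Assumption: the monitor reports raw-disk writes as "\\.\PhysicalDriveN offset=..."
        r"^\\\\\.\\PhysicalDrive\d+ offset=0\b",
    ),
    Signature(
        "Suspicious use of NtSetInformationThreadHideFromDebugger",
        (),  # the report gives no TTP for this one
        r"^NtSetInformationThread$",
        r"ThreadInformationClass=0x11",  # 0x11 == ThreadHideFromDebugger
    ),
)

# Constructed sample trace; not taken from the real analysis run.
SAMPLE_EVENTS = [
    ("RegOpenKeyExW", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    ("RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    ("RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    ("RegOpenKeyExW", r"HKCU\Software\Wine"),
    ("RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"),
    ("NtSetInformationThread", "ThreadInformationClass=0x11"),
    ("NtWriteFile", r"\\.\PhysicalDrive0 offset=0 length=512"),
    # benign lookup that must not fire anything
    ("RegQueryValueExW", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop"),
]


def match_signatures(events):
    """Map each fired signature name to the list of events that triggered it."""
    hits = {}
    for api, arg in events:
        for sig in SIGNATURES:
            if re.search(sig.api_pattern, api, re.I) and re.search(sig.arg_pattern, arg, re.I):
                hits.setdefault(sig.name, []).append((api, arg))
    return hits


def ttps_for(hits):
    """Sorted, de-duplicated ATT&CK techniques behind the fired signatures."""
    by_name = {sig.name: sig.ttps for sig in SIGNATURES}
    return sorted({t for name in hits for t in by_name[name]})


if __name__ == "__main__":
    fired = match_signatures(SAMPLE_EVENTS)
    for name, evs in fired.items():
        print(f"[{len(evs)} event(s)] {name}")
        for api, arg in evs:
            print(f"    {api}({arg})")
    print("TTPs:", ", ".join(ttps_for(fired)))
```

Run against the constructed trace, all six signatures from the executable's list fire and the benign Explorer lookup fires none. Dropping the NtWriteFile event reproduces the shorter list shown for NativeDecompress.dll, which differs from the executable's only by the missing MBR write.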

MITRE ATT&CK Matrix

Tactic columns as extracted (technique cells not preserved): Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. Note that this column list omits Defense Evasion and Discovery, which is where the Query Registry, System Information Discovery and Virtualization/Sandbox Evasion techniques from the signatures above sit; Bootkit falls under Persistence and Defense Evasion.

Tasks

static1: N/A
behavioral1: 9/10
behavioral2: 9/10
behavioral3: 1/10
behavioral4: 1/10
behavioral5: 1/10
behavioral6: 1/10
behavioral7: 1/10
behavioral8: 1/10
behavioral9: 1/10
behavioral10: 1/10
behavioral11: 1/10
behavioral12: 1/10
behavioral13: 1/10
behavioral14: 1/10
behavioral15: 1/10
behavioral16: 1/10
behavioral17: 1/10
behavioral18: 1/10
behavioral19: 9/10
behavioral20: 9/10

The task scores line up with two behavioural runs per target in the order the targets are listed above: the 9/10 runs belong to BlackDesert Online PAZ Browser.exe and NativeDecompress.dll, the 1/10 runs to the eight library DLLs.