SHA256: e17f07f62bed84c388121ef63ecae48ac69834ae4cdff92b5f8871ed88f67c62
MD5: 4a1c0fd0dea70de9898517ac5c37d766
SHA1: 38bea50aa5e4f0693bbebac4c12bbcb469b045b0
SHA512: a3632a5c15a0d5b84e28fc7e2f95a5b73e8f08037c1415682592eceaf9001aa971135cf534a4d039c9bd8854e0c08359ac300a27c429e592879367b7ae83c195
Size: 1MB
Analysis ID: 220520-e5tdvsaaf9
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in the registry
  Description: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Description: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
  Description: Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
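The first four signatures (VirtualBox ACPI tables, BIOS strings, Wine keys, UAC state) are all registry reads, so the following added example reproduces that logic as a small triage script. It is not the sandbox's own signature code and does not come from this report; the key paths are the widely known ones that anti-analysis code and sandbox signatures test (HKLM\HARDWARE\ACPI\*\VBOX__, SystemBiosVersion/VideoBiosVersion, Software\Wine, EnableLUA), the snapshot format and the `SAMPLE_VBOX_GUEST` data are constructed for the example, and on Windows it can read the live registry through the standard `winreg` module.

```python
"""Registry-based anti-VM / anti-sandbox checks matching the report's signatures.

Added example: key paths are the well-known ones checked by anti-analysis code;
the snapshot layout and the sample data are this example's own assumptions.
"""
import sys

# (hive, subkey, value name or None for a key-existence test,
#  case-insensitive substrings that indicate a VM, finding label)
VM_CHECKS = [
    ("HKLM", r"HARDWARE\ACPI\DSDT\VBOX__", None, (), "VirtualBox ACPI DSDT table"),
    ("HKLM", r"HARDWARE\ACPI\FADT\VBOX__", None, (), "VirtualBox ACPI FADT table"),
    ("HKLM", r"HARDWARE\ACPI\RSDT\VBOX__", None, (), "VirtualBox ACPI RSDT table"),
    ("HKLM", r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion",
     ("VBOX", "VIRTUALBOX"), "VirtualBox system BIOS string"),
    ("HKLM", r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion",
     ("VIRTUALBOX",), "VirtualBox video BIOS string"),
    ("HKCU", r"Software\Wine", None, (), "Wine registry key (HKCU)"),
    ("HKLM", r"Software\Wine", None, (), "Wine registry key (HKLM)"),
]
UAC_KEY = ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System")


def _lookup(snapshot, hive, subkey):
    """Registry key names are case-insensitive; compare them that way.
    snapshot is {(hive, subkey): {value_name: value}} (assumed layout)."""
    for (h, k), values in snapshot.items():
        if h == hive and k.upper() == subkey.upper():
            return values
    return None


def _as_text(value):
    """Flatten REG_MULTI_SZ (a list of str, as winreg returns it) to one upper-case string."""
    if isinstance(value, (list, tuple)):
        value = " ".join(str(v) for v in value)
    return str(value).upper()


def evaluate_vm_checks(snapshot):
    """Return the labels of the VM_CHECKS that fire against the snapshot, in list order."""
    findings = []
    for hive, subkey, value_name, needles, label in VM_CHECKS:
        values = _lookup(snapshot, hive, subkey)
        if values is None:
            continue                      # key absent: check does not fire
        if value_name is None:
            findings.append(label)        # key-existence check (e.g. ACPI VBOX__ table)
        elif value_name in values and any(n in _as_text(values[value_name]) for n in needles):
            findings.append(label)        # value present and contains a VM marker
    return findings


def uac_enabled(snapshot):
    """True/False from EnableLUA, or None when the value is not in the snapshot."""
    values = _lookup(snapshot, *UAC_KEY) or {}
    v = values.get("EnableLUA")
    return None if v is None else bool(int(v))


def live_snapshot():
    """On Windows, read exactly the keys above from the real registry (read-only,
    no elevation needed). On other platforms return an empty snapshot."""
    if sys.platform != "win32":
        return {}
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    wanted = [(h, k, v) for h, k, v, _, _ in VM_CHECKS] + [(*UAC_KEY, "EnableLUA")]
    snapshot = {}
    for hive, subkey, value_name in wanted:
        try:
            with winreg.OpenKey(hives[hive], subkey) as key:
                values = snapshot.setdefault((hive, subkey), {})   # key exists
                if value_name is not None:
                    values[value_name] = winreg.QueryValueEx(key, value_name)[0]
        except OSError:
            pass                          # key or value absent
    return snapshot


# Constructed sample: what a VirtualBox guest with UAC on would look like (not a real capture).
SAMPLE_VBOX_GUEST = {
    ("HKLM", r"HARDWARE\ACPI\DSDT\VBOX__"): {},
    ("HKLM", r"HARDWARE\DESCRIPTION\System"): {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1.32 VBE Adapter"],
    },
    UAC_KEY: {"EnableLUA": 1},
}

if __name__ == "__main__":
    snap = live_snapshot() or SAMPLE_VBOX_GUEST
    print("VM indicators:", evaluate_vm_checks(snap))
    print("UAC enabled:", uac_enabled(snap))
```

Run it on a Linux analysis box and it evaluates the constructed sample; run it inside a Windows sandbox guest and it reports which of the report's registry tells that guest exposes, which is useful when hardening a sandbox image against exactly these checks (renaming the ACPI table IDs and BIOS strings is what most VirtualBox hardening guides do).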