General

Target: e17f07f62bed84c388121ef63ecae48ac69834ae4cdff92b5f8871ed88f67c62
Size: 1MB
Sample: 220520-e5tdvsaaf9
Score: 9/10
MD5: 4a1c0fd0dea70de9898517ac5c37d766
SHA1: 38bea50aa5e4f0693bbebac4c12bbcb469b045b0
SHA256: e17f07f62bed84c388121ef63ecae48ac69834ae4cdff92b5f8871ed88f67c62
SHA512: a3632a5c15a0d5b84e28fc7e2f95a5b73e8f08037c1415682592eceaf9001aa971135cf534a4d039c9bd8854e0c08359ac300a27c429e592879367b7ae83c195

Malware Config

Targets

Target: e17f07f62bed84c388121ef63ecae48ac69834ae4cdff92b5f8871ed88f67c62
MD5: 4a1c0fd0dea70de9898517ac5c37d766
Filesize: 1MB
Score: 9/10
SHA1: 38bea50aa5e4f0693bbebac4c12bbcb469b045b0
SHA256: e17f07f62bed84c388121ef63ecae48ac69834ae4cdff92b5f8871ed88f67c62
SHA512: a3632a5c15a0d5b84e28fc7e2f95a5b73e8f08037c1415682592eceaf9001aa971135cf534a4d039c9bd8854e0c08359ac300a27c429e592879367b7ae83c195

Tags

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    TTPs: Query Registry; Virtualization/Sandbox Evasion
  • Checks BIOS information in registry
    Description: BIOS information is often read in order to detect sandboxing environments.
    TTPs: Query Registry; System Information Discovery
  • Identifies Wine through registry keys
    Description: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
    TTPs: Query Registry; Virtualization/Sandbox Evasion
  • Checks whether UAC is enabled
    TTPs: System Information Discovery
  • Writes to the Master Boot Record (MBR)
    Description: Bootkits write to the MBR to gain persistence at a level below the operating system.
    TTPs: Bootkit
  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: Score N/A
behavioral1: Score 9/10
behavioral2: Score 9/10