General

  • Target

    412464b25bf136c3780aff5a5a67d9390a0d6a6f852aea0957263fc41e266c8b

  • Size

    2.4MB

  • Sample

    220521-x34qxscha5

  • MD5

    848c93b61daed461ca0b5451c86a5a57

  • SHA1

    542253b1d64955af2e90a4c7940a573b0e11359b

  • SHA256

    412464b25bf136c3780aff5a5a67d9390a0d6a6f852aea0957263fc41e266c8b

  • SHA512

    f1917e83f1ac73c6db13fda68e4888db25f65060ec4c821fe715cff16db91a812d8afc782cbc81fb31c5ecd0e136815b8603e0ecbc4f63f8dc9d7a57c52ab9cd

Malware Config

Targets

    • Target

      412464b25bf136c3780aff5a5a67d9390a0d6a6f852aea0957263fc41e266c8b

    • Size

      2.4MB


    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

    • T1497 Virtualization/Sandbox Evasion (1)

Discovery

    • T1012 Query Registry (2)

    • T1497 Virtualization/Sandbox Evasion (1)

    • T1082 System Information Discovery (2)

Tasks