Overview

overview

9

Static

static

7

3403923f1a...36.dll

windows7_x64

9

3403923f1a...36.dll

windows10-2004_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3403923f1a151466a81c2c7a1fda617b7fbb43b1b8b0325e26e30ed06b6eb936

  • Size

    2.4MB

  • Sample

    220521-x4e4ysgafm

  • MD5

    7a35502a5df5334c0ffde46303b1f56d

  • SHA1

    5729508b725b7add8d2158aee2d0a3bc18a7a38a

  • SHA256

    3403923f1a151466a81c2c7a1fda617b7fbb43b1b8b0325e26e30ed06b6eb936

  • SHA512

    a460bc541f0b68ba5c5ddbea3f78e1e933c50a119baaba3b753ef44bf1e40802b88cd97205ae064c18dcfebb7d79a7acdf769c1327962a6b90d35fa9047d4ed7

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      3403923f1a151466a81c2c7a1fda617b7fbb43b1b8b0325e26e30ed06b6eb936

    • Size

      2.4MB

    • MD5

      7a35502a5df5334c0ffde46303b1f56d

    • SHA1

      5729508b725b7add8d2158aee2d0a3bc18a7a38a

    • SHA256

      3403923f1a151466a81c2c7a1fda617b7fbb43b1b8b0325e26e30ed06b6eb936

    • SHA512

      a460bc541f0b68ba5c5ddbea3f78e1e933c50a119baaba3b753ef44bf1e40802b88cd97205ae064c18dcfebb7d79a7acdf769c1327962a6b90d35fa9047d4ed7

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks