Overview

overview

9

Static

static

7

235044f58c...14.dll

windows7_x64

9

235044f58c...14.dll

windows10-2004_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    235044f58c801955ed496f8c84712fdb353fdd9b6fda91886262234bdb710614

  • Size

    2.4MB

  • Sample

    220521-x4g9bachb8

  • MD5

    5fba3cbc31c7b28b763817636f2b1a38

  • SHA1

    992ee97e64491206e829ba40377f5a9878008414

  • SHA256

    235044f58c801955ed496f8c84712fdb353fdd9b6fda91886262234bdb710614

  • SHA512

    752d4aacd5482c38b1385ca0746c88bf857110bd79ec23add069b1520b792b612e1ec94a1914eeddeaed0c3d0e04db3a64744c5d734cf53f4fdf41d40b1580e6

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      235044f58c801955ed496f8c84712fdb353fdd9b6fda91886262234bdb710614

    • Size

      2.4MB

    • MD5

      5fba3cbc31c7b28b763817636f2b1a38

    • SHA1

      992ee97e64491206e829ba40377f5a9878008414

    • SHA256

      235044f58c801955ed496f8c84712fdb353fdd9b6fda91886262234bdb710614

    • SHA512

      752d4aacd5482c38b1385ca0746c88bf857110bd79ec23add069b1520b792b612e1ec94a1914eeddeaed0c3d0e04db3a64744c5d734cf53f4fdf41d40b1580e6

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks