Overview

overview

10

Static

static

10

2e3fac6fde...f9.exe

windows7_x64

9

2e3fac6fde...f9.exe

windows10-2004_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2e3fac6fde0e4ea23a1ac808dc11986f62be096971759a36e64b846feb9ddaf9

  • Size

    703KB

  • Sample

    220622-npa21sfhf4

  • MD5

    2f3376d35213ff2bab75eebc1d03f860

  • SHA1

    b1d944b95f078a80ce37573fe48faf4465d49b2d

  • SHA256

    2e3fac6fde0e4ea23a1ac808dc11986f62be096971759a36e64b846feb9ddaf9

  • SHA512

    c6f335fba1d32a6192a31e75af0c64a405732394cc1810e796520906202c2f8907653dc4744206505484e119a553e400cc5f718f5f74e64693192f78f498872a

Score
10/10
legiondownloaderevasion

Malware Config

Targets

    • Target

      2e3fac6fde0e4ea23a1ac808dc11986f62be096971759a36e64b846feb9ddaf9

    • Size

      703KB

    • MD5

      2f3376d35213ff2bab75eebc1d03f860

    • SHA1

      b1d944b95f078a80ce37573fe48faf4465d49b2d

    • SHA256

      2e3fac6fde0e4ea23a1ac808dc11986f62be096971759a36e64b846feb9ddaf9

    • SHA512

      c6f335fba1d32a6192a31e75af0c64a405732394cc1810e796520906202c2f8907653dc4744206505484e119a553e400cc5f718f5f74e64693192f78f498872a

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VMWare Tools registry key

      evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks