3d4bca06160a1916b52e9bbdc376faa138efb026f838583f62a4851675cb5d6b | Triage

Sharing

General

Target

3d4bca06160a1916b52e9bbdc376faa138efb026f838583f62a4851675cb5d6b
Size

184KB
Sample

220703-d5d4haffb7
MD5

74dc37b7aabf745eac1d5fc65428488e
SHA1

fa406e4e4fe581091e30bac24ad0a1023bc5eed3
SHA256

3d4bca06160a1916b52e9bbdc376faa138efb026f838583f62a4851675cb5d6b
SHA512

660d9ed08afa90dc782d3814ab8428137d5748c63433b3fb3ddc76da9412a279d1da2fd87e1a11dbedd486edbdabd5db871d4912704e49b9ccb3ac3c39e4ac21

Score

9^/10

evasion persistence

Malware Config

Targets

- Target
  
  3d4bca06160a1916b52e9bbdc376faa138efb026f838583f62a4851675cb5d6b
- Size
  
  184KB
- MD5
  
  74dc37b7aabf745eac1d5fc65428488e
- SHA1
  
  fa406e4e4fe581091e30bac24ad0a1023bc5eed3
- SHA256
  
  3d4bca06160a1916b52e9bbdc376faa138efb026f838583f62a4851675cb5d6b
- SHA512
  
  660d9ed08afa90dc782d3814ab8428137d5748c63433b3fb3ddc76da9412a279d1da2fd87e1a11dbedd486edbdabd5db871d4912704e49b9ccb3ac3c39e4ac21
Score

9^/10

evasion persistence
- Looks for VirtualBox Guest Additions in registry
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence