General
Target: 483c7fa66d9cf56e48741b7c4516906c78d71a89ef64529266d607ff7e0544e6
Size: 5.4MB
Sample: 220714-ee5dfafba4
MD5: a755f76611af191caac97da04633b012
SHA1: ee2fba5a45e09e560c67f5107f76cf6e9a36ab53
SHA256: 483c7fa66d9cf56e48741b7c4516906c78d71a89ef64529266d607ff7e0544e6
SHA512: b53fee6fb2b1013989e963b67f11924b8498e198b779fcfb49dc2154ca1a61c89f5abb32b91ed1052052a9c40f7ee1c2c58abf6ee1877b712d7b5899f2d97840
Static task: static1
Behavioral task: behavioral1
Sample: 483c7fa66d9cf56e48741b7c4516906c78d71a89ef64529266d607ff7e0544e6.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 483c7fa66d9cf56e48741b7c4516906c78d71a89ef64529266d607ff7e0544e6.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 483c7fa66d9cf56e48741b7c4516906c78d71a89ef64529266d607ff7e0544e6
Size: 5.4MB
MD5: a755f76611af191caac97da04633b012
SHA1: ee2fba5a45e09e560c67f5107f76cf6e9a36ab53
SHA256: 483c7fa66d9cf56e48741b7c4516906c78d71a89ef64529266d607ff7e0544e6
SHA512: b53fee6fb2b1013989e963b67f11924b8498e198b779fcfb49dc2154ca1a61c89f5abb32b91ed1052052a9c40f7ee1c2c58abf6ee1877b712d7b5899f2d97840
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Executes dropped EXE
- Sets file execution options in registry
- Stops running service(s)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Modifies file permissions
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
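The following Python is an added example, not part of this report or the sandbox's own signature engine. It turns several of the behavioural signatures listed above into detection rules and runs them over a constructed sandbox-style API/registry trace. The trace format (one `Key=value` event per line with `Op`, `Image` and `Target` fields), the file names `sample.exe`, `example.exe` and `example.sys`, and the concrete locations each rule keys on are this example's assumptions: the `VBOX__` subkeys under `HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}` for the VirtualBox check, `HKCU\Control Panel\International\Geo\Nation` for the location lookup, the Image File Execution Options key for IFEO writes, the `drivers` directory for driver drops, and `THREADINFOCLASS` `0x11` (`ThreadHideFromDebugger`) for the anti-debug call.

```python
import re
from collections import Counter

# Indicator rules keyed to the signature names used in the report above.
# Each rule: (signature, trace operations it applies to, regex on the target).
# The paths are this example's assumptions about where each behaviour shows up.
RULES = [
    ("Identifies VirtualBox via ACPI registry values", {"RegOpen", "RegQuery"},
     # VirtualBox exposes its OEM ID as the VBOX__ subkey of the ACPI tables
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks computer location settings", {"RegQuery"},
     # GeoID of the configured location, read by geofenced malware
     re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Sets file execution options in registry", {"RegSetValue"},
     # any value written under an executable's IFEO subkey (Debugger, GlobalFlag, ...)
     re.compile(r"^HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
                r"\\Image File Execution Options\\[^\\]+\\[^\\]+$", re.I)),
    ("Drops file in Drivers directory", {"FileWrite"},
     re.compile(r"^C:\\Windows\\System32\\drivers\\", re.I)),
    ("Drops file in System32 directory", {"FileWrite"},
     re.compile(r"^C:\\Windows\\System32\\", re.I)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", {"Api"},
     # THREADINFOCLASS 0x11 = ThreadHideFromDebugger
     re.compile(r"^NtSetInformationThread\(.*ThreadInformationClass=0x11\b", re.I)),
]

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Parse one 'Key=value Key="quoted value"' trace line into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}

def matching_signatures(event):
    """Return the signature names a single trace event satisfies."""
    op, target = event.get("Op", ""), event.get("Target", "")
    return [name for name, ops, pattern in RULES
            if op in ops and pattern.search(target)]

def scan(trace_lines):
    """Count signature hits over a whole trace; one event can hit several rules."""
    hits = Counter()
    for line in trace_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hits.update(matching_signatures(parse_event(line)))
    return dict(hits)

# Constructed trace for the example (not output from the sandbox runs above).
SAMPLE_TRACE = r"""
Op=RegOpen     Image="C:\Users\user\Desktop\sample.exe" Target="HKLM\HARDWARE\ACPI\DSDT\VBOX__"
Op=RegOpen     Image="C:\Users\user\Desktop\sample.exe" Target="HKLM\HARDWARE\ACPI\FADT\VBOX__"
Op=RegQuery    Image="C:\Users\user\Desktop\sample.exe" Target="HKCU\Control Panel\International\Geo\Nation"
Op=RegSetValue Image="C:\Users\user\Desktop\sample.exe" Target="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe\Debugger"
Op=FileWrite   Image="C:\Users\user\Desktop\sample.exe" Target="C:\Windows\System32\drivers\example.sys"
Op=Api         Image="C:\Users\user\Desktop\sample.exe" Target="NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11)"
Op=RegQuery    Image="C:\Users\user\Desktop\sample.exe" Target="HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
""".splitlines()

if __name__ == "__main__":
    for signature, count in sorted(scan(SAMPLE_TRACE).items()):
        print(f"{count:2d}  {signature}")
```

The last trace line is a negative control: a read of the Run key matches no rule, while the single driver drop fires both the Drivers and the System32 signatures, which is why a report can list both for one write. Reads of the ACPI and Geo keys are matched on open/query operations because they leave no create/set event; a trace source that only records writes (Sysmon registry events, for instance) would miss them.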
MITRE ATT&CK Matrix (ATT&CK v6)
Persistence
- Registry Run Keys / Startup Folder (1)
- Hidden Files and Directories (2)
- Modify Existing Service (1)
- Scheduled Task (1)
Defense Evasion
- Virtualization/Sandbox Evasion (1)
- Modify Registry (1)
- Hidden Files and Directories (2)
- Impair Defenses (1)
- File Permissions Modification (1)