General

  • Target: faf45c7ecc48f5c6d47c61d1a18ae5989d4c23031bac9f070e876168c6370847
  • Size: 1.8MB
  • Sample: 220809-f2d1fadecl
  • MD5: 6287a01eb7310062f81fdb8dfe110d69
  • SHA1: db9bd6985626ea8507a404d49db2ddd1dc349634
  • SHA256: faf45c7ecc48f5c6d47c61d1a18ae5989d4c23031bac9f070e876168c6370847
  • SHA512: b6c37b0b06e8ecd4db978855fee92f72d61306b591894b735080ed59c0e7f03ccf2df377d1789e485fec04252a97c20827e7ec6965863be96719b722e1f964cd

Score: 9/10

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Executes dropped EXE
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                        Count  ID
  Execution              Scheduled Task                   1      T1053
  Persistence            Scheduled Task                   1      T1053
  Privilege Escalation   Scheduled Task                   1      T1053
  Defense Evasion        Virtualization/Sandbox Evasion   1      T1497
  Discovery              Query Registry                   2      T1012
  Discovery              Virtualization/Sandbox Evasion   1      T1497
  Discovery              System Information Discovery     2      T1082
