General

  • Target

    b4b7b1b95b9bb1815f102bbbdc23f77b0664280d14f55a16eb5bc4652fba903b

  • Size

    1.8MB

  • Sample

    220809-fz2nqafcd5

  • MD5

    f58b6b797c23a456405c71f40b411499

  • SHA1

    5886a152dd8e90bfd8339e3a5042e6f8206f0017

  • SHA256

    b4b7b1b95b9bb1815f102bbbdc23f77b0664280d14f55a16eb5bc4652fba903b

  • SHA512

    d789f5ee6696a634bfec8a26a027c57c013fc50f6cb661c4c56ebfe558d48dd2b11315c60d755fa129d754bf08319861f6195091ff1f64661afe26eb53a7a19b

Score
9/10

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Setting the ThreadHideFromDebugger information class on a thread stops debug events for that thread from being delivered to an attached debugger, a common anti-debugging technique.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                        Count  ID
  Execution             Scheduled Task                   1      T1053
  Persistence           Scheduled Task                   1      T1053
  Privilege Escalation  Scheduled Task                   1      T1053
  Defense Evasion       Virtualization/Sandbox Evasion   1      T1497
  Discovery             Query Registry                   2      T1012
  Discovery             Virtualization/Sandbox Evasion   1      T1497
  Discovery             System Information Discovery     2      T1082

Tasks