4d1f64f77a734fede641404a241eecf0e0bba30f7908869fadd1d22b9ead471e | Triage

Sharing

General

Target

2f3433364eb52eeaf9597ba819769ca9dd4c597ffad8157650269a507cf952af
Size

1.7MB
Sample

220906-skk4mscbbl
MD5

5b3963a5b5666d5ef229372e27f34e2a
SHA1

3169c74a653552671adbaff03bd183801f1c2b4d
SHA256

4d1f64f77a734fede641404a241eecf0e0bba30f7908869fadd1d22b9ead471e
SHA512

8a6a7f3525d0e27bdd5c1d89d2b28ecc61d6056939e1eced8b8e9f498c99854352369e0f0f50fa9671369fca4d9554304f6a2fc238c00011bb8661e600060fa7
SSDEEP

49152:wcQUV8rnmrIQjfV1BtVFy7P8YeZE24+vO:ZwnKIQZ1BtV6EYeZEsO

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  2f3433364eb52eeaf9597ba819769ca9dd4c597ffad8157650269a507cf952af
- Size
  
  1.8MB
- MD5
  
  e4e81d7711386e7e3a42851b29f24434
- SHA1
  
  8143610c47f6af9007a4c44ef24878f4adb8a107
- SHA256
  
  2f3433364eb52eeaf9597ba819769ca9dd4c597ffad8157650269a507cf952af
- SHA512
  
  aba953eb6a5fc3d81a8b1929689b5f8b8ef479e153b03c98e9cfff21066093439af1844c19fb8ec58170b3b2f407eb2f46630e40afb43db3fa9ada550cd14d81
- SSDEEP
  
  49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2