Overview

overview

9

Static

static

80212945b9...88.exe

windows7-x64

9

80212945b9...88.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    80212945b90036fa6bfea918ac0b38e916c1d040daf30ce6c20db7a6379d2588

  • Size

    2.4MB

  • Sample

    220912-ads7kacdc5

  • MD5

    46238ebf59dfdbc73417137ab46c1900

  • SHA1

    538a06731ed1a57a12a199e41caa739cf5fee104

  • SHA256

    80212945b90036fa6bfea918ac0b38e916c1d040daf30ce6c20db7a6379d2588

  • SHA512

    817b5cfe49802c5e56a6b24c77c5b85a6055b640508e25b43bcbc2a09f1ba2120ed0b9be753b2ea8067225cf0ab224e66e3a4dc719f53de68e4275eb8d25a71f

  • SSDEEP

    49152:tIUgp5Ve6AtMouES/K/DLm7G5lYUIETQxlAqalfUvNRd:tNgp5g6AOnNK/Da7GNIrxlralc

Score
9/10
evasiontrojan

Malware Config

Targets

    • Target

      80212945b90036fa6bfea918ac0b38e916c1d040daf30ce6c20db7a6379d2588

    • Size

      2.4MB

    • MD5

      46238ebf59dfdbc73417137ab46c1900

    • SHA1

      538a06731ed1a57a12a199e41caa739cf5fee104

    • SHA256

      80212945b90036fa6bfea918ac0b38e916c1d040daf30ce6c20db7a6379d2588

    • SHA512

      817b5cfe49802c5e56a6b24c77c5b85a6055b640508e25b43bcbc2a09f1ba2120ed0b9be753b2ea8067225cf0ab224e66e3a4dc719f53de68e4275eb8d25a71f

    • SSDEEP

      49152:tIUgp5Ve6AtMouES/K/DLm7G5lYUIETQxlAqalfUvNRd:tNgp5g6AOnNK/Da7GNIrxlralc

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks