db7a7c02c22154620f35881e0f55e936567deaddc98feae2de11443280e1b894 | Triage

Sharing

General

Target

db7a7c02c22154620f35881e0f55e936567deaddc98feae2de11443280e1b894
Size

1.8MB
Sample

220918-gfewaaagd9
MD5

1055cacb496519b2beca1c0f53638ef3
SHA1

2c5325ff7b4f6621deb457bd94e732166e9e88cf
SHA256

db7a7c02c22154620f35881e0f55e936567deaddc98feae2de11443280e1b894
SHA512

2e45543fc62f925137136f1323b5b4b22d4167bf2a839fbc09dd2d554f50fcc01efa3c0aa43ca1e7b364770a671b4d9ec8f3f49dbadc76b8468ac557dd209ca4
SSDEEP

49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  db7a7c02c22154620f35881e0f55e936567deaddc98feae2de11443280e1b894
- Size
  
  1.8MB
- MD5
  
  1055cacb496519b2beca1c0f53638ef3
- SHA1
  
  2c5325ff7b4f6621deb457bd94e732166e9e88cf
- SHA256
  
  db7a7c02c22154620f35881e0f55e936567deaddc98feae2de11443280e1b894
- SHA512
  
  2e45543fc62f925137136f1323b5b4b22d4167bf2a839fbc09dd2d554f50fcc01efa3c0aa43ca1e7b364770a671b4d9ec8f3f49dbadc76b8468ac557dd209ca4
- SSDEEP
  
  49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1