082e589e502d15e07b86076b0dd3da5c749590d8ef185a6a7eb1022f9951a0c6 | Triage

Sharing

General

Target

082e589e502d15e07b86076b0dd3da5c749590d8ef185a6a7eb1022f9951a0c6
Size

1.8MB
Sample

220918-j1e3wsahd2
MD5

c75490da8d5259290e51f4f0f882cc45
SHA1

58408ff24dd1aafb38efd8a072ca604495873a56
SHA256

082e589e502d15e07b86076b0dd3da5c749590d8ef185a6a7eb1022f9951a0c6
SHA512

20df0b21d8a714bfa2456b237ef8cbdd22ff8edb21fa9394b3d0c54a89e9eca678be754e5fe1d119e74b2829d7bf03b8452eaee43e1a2ab9c1401ca0f4b804ff
SSDEEP

49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  082e589e502d15e07b86076b0dd3da5c749590d8ef185a6a7eb1022f9951a0c6
- Size
  
  1.8MB
- MD5
  
  c75490da8d5259290e51f4f0f882cc45
- SHA1
  
  58408ff24dd1aafb38efd8a072ca604495873a56
- SHA256
  
  082e589e502d15e07b86076b0dd3da5c749590d8ef185a6a7eb1022f9951a0c6
- SHA512
  
  20df0b21d8a714bfa2456b237ef8cbdd22ff8edb21fa9394b3d0c54a89e9eca678be754e5fe1d119e74b2829d7bf03b8452eaee43e1a2ab9c1401ca0f4b804ff
- SSDEEP
  
  49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1