65cc17f2fad867edb20baee58785fa5311bf1d416b01b28abbf33407cb43487e | Triage

Sharing

General

Target

65cc17f2fad867edb20baee58785fa5311bf1d416b01b28abbf33407cb43487e
Size

1.8MB
Sample

220921-k4hhvsfhf3
MD5

cc806e1dc3c1a35dd9518b55537784a6
SHA1

40f1743665c530ae234a2d84ab398b0de04fcded
SHA256

65cc17f2fad867edb20baee58785fa5311bf1d416b01b28abbf33407cb43487e
SHA512

aea107346a103a464fa3ae12ad89d16972d5f435bb05829442cd6a9fe19aa1548db5a4caa0808d93893b6e783c6f11299335c5fff660cbaea2ae860c4832b57d
SSDEEP

49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  65cc17f2fad867edb20baee58785fa5311bf1d416b01b28abbf33407cb43487e
- Size
  
  1.8MB
- MD5
  
  cc806e1dc3c1a35dd9518b55537784a6
- SHA1
  
  40f1743665c530ae234a2d84ab398b0de04fcded
- SHA256
  
  65cc17f2fad867edb20baee58785fa5311bf1d416b01b28abbf33407cb43487e
- SHA512
  
  aea107346a103a464fa3ae12ad89d16972d5f435bb05829442cd6a9fe19aa1548db5a4caa0808d93893b6e783c6f11299335c5fff660cbaea2ae860c4832b57d
- SSDEEP
  
  49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1