758f7211d631b2b5b52df7214485fe2082661e5ba18054c8d91be0d7e27dbb2f | Triage

Sharing

General

Target

VMware-workstation-full-16.2.4-20089737.exe
Size

615.6MB
Sample

220923-ef9pjsdag2
MD5

d60f20003600b70defb72215417aadee
SHA1

b89035349ad4894e1837b81e3e826ca4572f4f88
SHA256

758f7211d631b2b5b52df7214485fe2082661e5ba18054c8d91be0d7e27dbb2f
SHA512

e9be925c8d3fe9fe81383398709fa4a992ccf2a50b833421ff54d629b1088cb8a773af64c87bed3c513f03a6a84f8eb5001f8cf52f895808c6f002c49d44abfe
SSDEEP

12582912:HsiQc7JR+tkXSznRL4KY0XxCDhc/jVPil7pbuhbKDe0uDe07:MiQc7JR+tMSznJY0XxCD6/jVPil7pbDi

Score

8^/10

discovery evasion

Malware Config

Targets

- Target
  
  VMware-workstation-full-16.2.4-20089737.exe
- Size
  
  615.6MB
- MD5
  
  d60f20003600b70defb72215417aadee
- SHA1
  
  b89035349ad4894e1837b81e3e826ca4572f4f88
- SHA256
  
  758f7211d631b2b5b52df7214485fe2082661e5ba18054c8d91be0d7e27dbb2f
- SHA512
  
  e9be925c8d3fe9fe81383398709fa4a992ccf2a50b833421ff54d629b1088cb8a773af64c87bed3c513f03a6a84f8eb5001f8cf52f895808c6f002c49d44abfe
- SSDEEP
  
  12582912:HsiQc7JR+tkXSznRL4KY0XxCDhc/jVPil7pbuhbKDe0uDe07:MiQc7JR+tMSznJY0XxCD6/jVPil7pbDi
Score

8^/10

discovery evasion
- Executes dropped EXE
- Looks for VMWare Tools registry key
  evasion
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasion