General

  • Size

    1MB

  • Sample

    220923-hdrbzahcgq

  • MD5

    d2832c38a1142629de0f4e5cd7b1f050

  • SHA1

    2f20498ab81d5eddef2a75cbe1391e0054bdeeb2

  • SHA256

    bd421731e0cb22e95d9fdff58b461a19bd5904a0d571de063c323ba1cf0637b0

  • SHA512

    b31a6fdf040ff02714c81ed6ac2e80f50e345042d5dc8a01627de9162812faf18fa6fad42862d736c05f0e9185b9a3b6a539817aa385d30bbea6f60a6a2c3c63

Score
9/10

Malware Config

Targets

    • Target

      bd421731e0cb22e95d9fdff58b461a19bd5904a0d571de063c323ba1cf0637b0

    • Size

      1MB

    • MD5

      d2832c38a1142629de0f4e5cd7b1f050

    • SHA1

      2f20498ab81d5eddef2a75cbe1391e0054bdeeb2

    • SHA256

      bd421731e0cb22e95d9fdff58b461a19bd5904a0d571de063c323ba1cf0637b0

    • SHA512

      b31a6fdf040ff02714c81ed6ac2e80f50e345042d5dc8a01627de9162812faf18fa6fad42862d736c05f0e9185b9a3b6a539817aa385d30bbea6f60a6a2c3c63

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Persistence

                  Privilege Escalation