Overview

overview

10

Static

static

7

20.zip

windows10-1703-x64

9

20.zip

windows10-2004-x64

10

Resubmissions

31-10-2022 22:53

221031-2t11wsdhf2 9

25-09-2022 04:01

220925-elhg9adbc8 10

15-09-2022 10:54

220915-mzjapsgeej 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20.zip

  • Size

    10.4MB

  • Sample

    220925-elhg9adbc8

  • MD5

    e17ed9853440c53954269dc2d97b4ab1

  • SHA1

    ed6f99c188726247614b2affc95da967087c9fef

  • SHA256

    44a6389937c8a2dcbadfb5d04829a2c36fbcc27b37ddc9719847801222d0cce5

  • SHA512

    5b02ca10db4617026a911507f9d4a61c167b6435f36135cbfaa572669d53e18d33566db8643feae65ef1315be9f2744dc4fdeb44ec044d8a1770e751dac42bf5

  • SSDEEP

    196608:yK6qD/i+k2V4c6gC7CASBtm2q3h7/1nUG3NL6GDsIZCE3K1zEkuwCCjnUdy13sx3:yK6m/PHqCASYd7dnUG92GDs3E32LbY2S

Score
10/10
bankofmontrealevasionphishingthemida

Malware Config

Targets

    • Target

      20.zip

    • Size

      10.4MB

    • MD5

      e17ed9853440c53954269dc2d97b4ab1

    • SHA1

      ed6f99c188726247614b2affc95da967087c9fef

    • SHA256

      44a6389937c8a2dcbadfb5d04829a2c36fbcc27b37ddc9719847801222d0cce5

    • SHA512

      5b02ca10db4617026a911507f9d4a61c167b6435f36135cbfaa572669d53e18d33566db8643feae65ef1315be9f2744dc4fdeb44ec044d8a1770e751dac42bf5

    • SSDEEP

      196608:yK6qD/i+k2V4c6gC7CASBtm2q3h7/1nUG3NL6GDsIZCE3K1zEkuwCCjnUdy13sx3:yK6m/PHqCASYd7dnUG92GDs3E32LbY2S

    Score
    10/10
    evasionbankofmontrealphishingthemida

    • Detected bankofmontreal phishing page

      phishingbankofmontreal

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks