64baa458c33f7c5add3db3bfe86e64257b94c8373dfacf88725297bd889f5c72 | Triage

Sharing

General

Target

64baa458c33f7c5add3db3bfe86e64257b94c8373dfacf88725297bd889f5c72
Size

1.8MB
Sample

220925-hf3g1sehdp
MD5

d13abea4f3519412c41459483332a9d2
SHA1

aa36068f33b9edfbc134b4aca698615b8783bb8f
SHA256

64baa458c33f7c5add3db3bfe86e64257b94c8373dfacf88725297bd889f5c72
SHA512

cc869af4f58e2a449c98cc48d195d904ee7758e7c3f83fca4d2fceba2fba4480fc6039585ea18807e218beafd8e2d7599fcda51905400a4045a6cf18da4ee579
SSDEEP

49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  64baa458c33f7c5add3db3bfe86e64257b94c8373dfacf88725297bd889f5c72
- Size
  
  1.8MB
- MD5
  
  d13abea4f3519412c41459483332a9d2
- SHA1
  
  aa36068f33b9edfbc134b4aca698615b8783bb8f
- SHA256
  
  64baa458c33f7c5add3db3bfe86e64257b94c8373dfacf88725297bd889f5c72
- SHA512
  
  cc869af4f58e2a449c98cc48d195d904ee7758e7c3f83fca4d2fceba2fba4480fc6039585ea18807e218beafd8e2d7599fcda51905400a4045a6cf18da4ee579
- SSDEEP
  
  49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1