Resubmissions

  • 26-09-2022 15:09  220926-sjlzjscchm  (score 9)

  • 05-12-2021 07:55  211205-jscmsscbeq  (score 10)

General

  • Target

    SysLogsService.exe

  • Size

    7.7MB

  • Sample

    220926-sjlzjscchm

  • MD5

    0b97fa8b682939e55df2bcfe3d17dba5

  • SHA1

    9d0101a59a1f705d55ab5acb0577ea9a967a6bab

  • SHA256

    ef7fefcb41d79c824c429819fbe73e6d0186c0586bc5f031debf553cd43edce4

  • SHA512

    1d4e414a9abd9b4f317f4ea37fc2a76ee8d3057b5079f654c142ef0b938433d0c52f8620526375eed4b9ac0adceda26484ebad9e63b7c4df5aef272d07620e68

  • SSDEEP

    49152:w8eti2sIHTdUoWj/QPNYtS5Djcdv9TS32PkEh77sD2qz4DfvcbXyWrhIqJwH1iL3:fWiPIZZXaMD8Vm2P572xEqY5Xu

Malware Config

Targets

    • Target

      SysLogsService.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class detaches the calling thread from any attached debugger, so breakpoint and single-step exceptions raised in that thread are no longer reported to it (an anti-debugging technique).
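
The signatures above are what a sandbox derives from the registry and native API calls it hooks. The script below is an added example, not code from the report or from the sample: it scans a constructed hook trace for the same anti-VM, anti-sandbox and anti-debug behaviours and tallies the hits per ATT&CK v6 technique the way the matrix further down does (one count per triggered signature). The trace format, the `SysLogsService.log` path and the registry paths (VirtualBox ACPI table names, BIOS description keys, the `EnableLUA` policy value) are assumptions of the example; the report does not list the exact keys the sample read.

```python
"""Added triage helper (not part of the sandbox report or of the sample):
scan an API/registry trace for anti-VM, anti-sandbox and anti-debug
behaviour and tally hits against ATT&CK v6 technique IDs.
Trace format (constructed for this example): one call per line,
'API|arg|arg|...'."""
import re

# ThreadInformationClass value for ThreadHideFromDebugger (ntddk.h).
THREAD_HIDE_FROM_DEBUGGER = 0x11
ANTI_DEBUG_SIG = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# (signature, regex over a registry path argument, ATT&CK v6 technique IDs).
# These are the well-known paths probed by anti-VM/anti-sandbox code; the
# report does not give the sample's exact paths, so they are an assumption.
REGISTRY_RULES = [
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"\\HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.I),
     ("T1497",)),
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\"
                r"(?:BIOS(?:\\|$)|SystemBiosVersion|VideoBiosVersion)", re.I),
     ("T1012", "T1082")),
    ("Checks whether UAC is enabled",
     re.compile(r"\\Policies\\System\\EnableLUA$", re.I),
     ("T1012", "T1082")),
]
REGISTRY_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}
THREAD_APIS = {"NtSetInformationThread", "ZwSetInformationThread"}


def parse_call(line):
    """Split an 'API|arg|arg' trace line into (api, [args]); None for blank lines."""
    parts = [p.strip() for p in line.strip().split("|")]
    if not parts or not parts[0]:
        return None
    return parts[0], parts[1:]


def _info_class(arg):
    """Return the numeric value of a 'ThreadInformationClass=<n>' argument, else None."""
    m = re.match(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)$", arg)
    if not m:
        return None
    v = m.group(1)
    return int(v, 16) if v.lower().startswith("0x") else int(v)


def triage(trace_lines):
    """Return {signature: [(line_no, api, argument)]} for every matching call."""
    hits = {}
    for no, line in enumerate(trace_lines, 1):
        parsed = parse_call(line)
        if parsed is None:
            continue
        api, args = parsed
        if api in REGISTRY_APIS:
            for name, pattern, _ids in REGISTRY_RULES:
                for arg in args:
                    if pattern.search(arg):
                        hits.setdefault(name, []).append((no, api, arg))
                        break  # one hit per rule per call
        elif api in THREAD_APIS:
            for arg in args:
                if _info_class(arg) == THREAD_HIDE_FROM_DEBUGGER:
                    hits.setdefault(ANTI_DEBUG_SIG, []).append((no, api, arg))
    return hits


def attack_tally(hits):
    """Count distinct triggered signatures per ATT&CK technique ID."""
    ids_for = {name: ids for name, _pattern, ids in REGISTRY_RULES}
    ids_for[ANTI_DEBUG_SIG] = ()  # anti-debugging has no technique in the v6 matrix
    tally = {}
    for name in hits:
        for tid in ids_for[name]:
            tally[tid] = tally.get(tid, 0) + 1
    return tally


# Constructed trace resembling a sandbox hook log; not taken from the report.
SAMPLE_TRACE = r"""
NtOpenKey|HKLM\HARDWARE\ACPI\DSDT\VBOX__|status=0xC0000034
RegOpenKeyExW|HKLM\HARDWARE\DESCRIPTION\System\BIOS|status=0x0
RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
RegQueryValueExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
NtSetInformationThread|ThreadInformationClass=0x11|thread=0x1a4
CreateFileW|C:\Users\admin\AppData\Local\Temp\SysLogsService.log
""".strip().splitlines()

if __name__ == "__main__":
    found = triage(SAMPLE_TRACE)
    for name, events in found.items():
        print(f"[+] {name}")
        for no, api, arg in events:
            print(f"      line {no}: {api} {arg}")
    print("ATT&CK v6 tally:", attack_tally(found))
```

On the constructed trace the tally comes out as T1497: 1, T1012: 2, T1082: 2, which is the same count per technique the matrix below shows; the tally counts signatures, not events, so the two BIOS-key accesses contribute once. A failed open of the VBOX__ ACPI key (STATUS_OBJECT_NAME_NOT_FOUND) is still a hit: the lookup itself is the evasion check, whatever it returns.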

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                        Count  ID
  Defense Evasion   Virtualization/Sandbox Evasion   1      T1497
  Discovery         Query Registry                   2      T1012
  Discovery         Virtualization/Sandbox Evasion   1      T1497
  Discovery         System Information Discovery     2      T1082

Tasks