49336bcc43cad45d655bd830929787d323bfdd56eb54b913f561004e5966a905 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49336bcc43cad45d655bd830929787d323bfdd56eb54b913f561004e5966a905
Size

1.8MB
Sample

220928-zm5z6aabfp
MD5

fce90b8971c38ee714dd61cc2c52944a
SHA1

4b0a18954f2e846cdbde6fd9fc6920a43b043dd8
SHA256

49336bcc43cad45d655bd830929787d323bfdd56eb54b913f561004e5966a905
SHA512

b90921013da9c3823a97fda96986ae376d599554d7727af2781a6e47f4c9ad4ac3d5281657f6c28c38fe628adc35dc0122625436ae85fe547b73e9b7253619d5
SSDEEP

49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  49336bcc43cad45d655bd830929787d323bfdd56eb54b913f561004e5966a905
- Size
  
  1.8MB
- MD5
  
  fce90b8971c38ee714dd61cc2c52944a
- SHA1
  
  4b0a18954f2e846cdbde6fd9fc6920a43b043dd8
- SHA256
  
  49336bcc43cad45d655bd830929787d323bfdd56eb54b913f561004e5966a905
- SHA512
  
  b90921013da9c3823a97fda96986ae376d599554d7727af2781a6e47f4c9ad4ac3d5281657f6c28c38fe628adc35dc0122625436ae85fe547b73e9b7253619d5
- SSDEEP
  
  49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1