220fc981c9b9a9d06127bdc30079a04954ff2875026bd3a64394d4ddf41ee639 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

220fc981c9b9a9d06127bdc30079a04954ff2875026bd3a64394d4ddf41ee639
Size

1.8MB
Sample

220929-ez4bwaaggp
MD5

6b5e38c229cc8d8829c91f68457f274c
SHA1

93c878440182803865a6cf7728f685938013decf
SHA256

220fc981c9b9a9d06127bdc30079a04954ff2875026bd3a64394d4ddf41ee639
SHA512

a0405f9baa88bbec44a344b1a78a78a1b2b5f380fa7d6f82b699580b66344a4f4a54cf59157868d0a4be16ae06f5bed58ba5de0e65c69f1e07df63acf2836ce3
SSDEEP

49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  220fc981c9b9a9d06127bdc30079a04954ff2875026bd3a64394d4ddf41ee639
- Size
  
  1.8MB
- MD5
  
  6b5e38c229cc8d8829c91f68457f274c
- SHA1
  
  93c878440182803865a6cf7728f685938013decf
- SHA256
  
  220fc981c9b9a9d06127bdc30079a04954ff2875026bd3a64394d4ddf41ee639
- SHA512
  
  a0405f9baa88bbec44a344b1a78a78a1b2b5f380fa7d6f82b699580b66344a4f4a54cf59157868d0a4be16ae06f5bed58ba5de0e65c69f1e07df63acf2836ce3
- SSDEEP
  
  49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1