General

  • Target

    64d5d3d1ced9df264a6cd5dbb42a13cb332f26f6e748325a829ac0f57c491836

  • Size

    1MB

  • Sample

    221003-cvcl9adgck

  • MD5

    444440c5dd4c02854c1cb894acbd6c92

  • SHA1

    670e8737f43ba3f0376ee39b04c40296809903f7

  • SHA256

    64d5d3d1ced9df264a6cd5dbb42a13cb332f26f6e748325a829ac0f57c491836

  • SHA512

    5d41f8246c8e98c4a537b5244427597f065673c802fc9751d6820bfa276a655f85f08e86b2b2b1353d0345fc1ec14006efe4e4c337d3aef47f3522385e358644

  • SSDEEP

    24576:BaUNVKivXERYEbrmnQn75C2xI2YZGI9SEgikqEi6WUWTZyox/6lGxD:BaU+ivMYEOqzBySEpEi6WfZjE0

Malware Config

Targets

    • Target

      64d5d3d1ced9df264a6cd5dbb42a13cb332f26f6e748325a829ac0f57c491836

    • Size

      1MB

    • MD5

      444440c5dd4c02854c1cb894acbd6c92

    • SHA1

      670e8737f43ba3f0376ee39b04c40296809903f7

    • SHA256

      64d5d3d1ced9df264a6cd5dbb42a13cb332f26f6e748325a829ac0f57c491836

    • SHA512

      5d41f8246c8e98c4a537b5244427597f065673c802fc9751d6820bfa276a655f85f08e86b2b2b1353d0345fc1ec14006efe4e4c337d3aef47f3522385e358644

    • SSDEEP

      24576:BaUNVKivXERYEbrmnQn75C2xI2YZGI9SEgikqEi6WUWTZyox/6lGxD:BaU+ivMYEOqzBySEpEi6WfZjE0

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Bootkit

1
T1067

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Discovery

Query Registry

3
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

2
T1082

Tasks