General

  • Target

    dac6dc38f7cbd0337407b34c9dff11b72e65df08637f18e450e02c5dcd23cf5e

  • Size

    1.8MB

  • Sample

    221003-fryl4ahah5

  • MD5

    57bd0f24135ce0f153457d92c67ca3f4

  • SHA1

    137da7b2d8ad6f977fa552d07c70b1dc02a2e565

  • SHA256

    dac6dc38f7cbd0337407b34c9dff11b72e65df08637f18e450e02c5dcd23cf5e

  • SHA512

    52c7cb0ecf861093ca3fd6431031b768720350f2d19f3e679c7e4fb0ea549317d54820bec2c8f6cf711b0590747bc686f7dee7579242663664091be648404a05

  • SSDEEP

    49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig

Score
9/10

Malware Config

Targets

    • Target

      dac6dc38f7cbd0337407b34c9dff11b72e65df08637f18e450e02c5dcd23cf5e

    • Size

      1.8MB

    • MD5

      57bd0f24135ce0f153457d92c67ca3f4

    • SHA1

      137da7b2d8ad6f977fa552d07c70b1dc02a2e565

    • SHA256

      dac6dc38f7cbd0337407b34c9dff11b72e65df08637f18e450e02c5dcd23cf5e

    • SHA512

      52c7cb0ecf861093ca3fd6431031b768720350f2d19f3e679c7e4fb0ea549317d54820bec2c8f6cf711b0590747bc686f7dee7579242663664091be648404a05

    • SSDEEP

      49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Tasks