General

  • Target

    4e82ab80f2b02acdb211bbc4f59171a81de7bcbf8971164d42a680ae15664f41

  • Size

    1.8MB

  • Sample

    221003-galfwahhb4

  • MD5

    1427adf0c942e4bfa97b92dfa641d8b5

  • SHA1

    2c7c1669db026fc670c2c3a50735d8026fada29e

  • SHA256

    4e82ab80f2b02acdb211bbc4f59171a81de7bcbf8971164d42a680ae15664f41

  • SHA512

    759d2631630f895eeb88ef5794c22d12a925fe61027390d4b37c7c44d134f5e6597401fc8a7c77817c52edf27a90fc797a6a8bd00f2aa9f9df6179a2e2857c95

  • SSDEEP

    49152:AiSzCD+K95aLs7zeqLTVtXtHFIDP8EehiM8qZA:AiSzCD+K95aUeqFtXtHwEEehig

Score
9/10

Malware Config

Targets

    (Target, size and hash values identical to the General section above.)
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                        Count  ID
  Execution             Scheduled Task                   1      T1053
  Persistence           Scheduled Task                   1      T1053
  Privilege Escalation  Scheduled Task                   1      T1053
  Defense Evasion       Virtualization/Sandbox Evasion   1      T1497
  Discovery             Query Registry                   2      T1012
  Discovery             Virtualization/Sandbox Evasion   1      T1497
  Discovery             System Information Discovery     2      T1082
