Overview

overview

9

Static

static

ccc.exe

windows7-x64

9

ccc.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    ccc.exe

  • Size

    1.3MB

  • Sample

    221006-afqjfsgaa9

  • MD5

    7d6ad46a0c4ad4a37e6db83d66d1b8ab

  • SHA1

    2899db2f76e9dff78cf3f9e237699d9ba71cae4c

  • SHA256

    09ca95a017a8eb5dcbfe9eb11c1cf268dce0aaad2bc8215c690d857e5eff6c22

  • SHA512

    363d6a6b901a757d43f152b43303561f1e0c4ae34d4d40b2484edb8e5d228e36025a03b7daa239744f7ffdb1067008fcf6775b9e8c5275f2c44eb6b498ac9ad0

  • SSDEEP

    24576:Nd70U8S4Psef5yA2MszhXFo6MBl8dNTKaug4dCIf1s0s2:NNbCfox1MP8dNTkgAj1s0s

Score
9/10
evasion

Malware Config

Targets

    • Target

      ccc.exe

    • Size

      1.3MB

    • MD5

      7d6ad46a0c4ad4a37e6db83d66d1b8ab

    • SHA1

      2899db2f76e9dff78cf3f9e237699d9ba71cae4c

    • SHA256

      09ca95a017a8eb5dcbfe9eb11c1cf268dce0aaad2bc8215c690d857e5eff6c22

    • SHA512

      363d6a6b901a757d43f152b43303561f1e0c4ae34d4d40b2484edb8e5d228e36025a03b7daa239744f7ffdb1067008fcf6775b9e8c5275f2c44eb6b498ac9ad0

    • SSDEEP

      24576:Nd70U8S4Psef5yA2MszhXFo6MBl8dNTKaug4dCIf1s0s2:NNbCfox1MP8dNTkgAj1s0s

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks