0b0493f79ccafb9affef92f4224fb0a3dc280b3216c9ca7e95be4df68471fe62 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Trojan-Ransom.Win32.Aura.ba-0b0493f79ccafb9affef92f4224fb0a3dc280b3216c9ca7e95be4df68471fe62
Size

146KB
Sample

221106-p5hmgaccd6
MD5

3d78c641051fbdbb8bc5824d9aa8e000
SHA1

5111128541687de386e426e8767b25e05fc2c4fa
SHA256

0b0493f79ccafb9affef92f4224fb0a3dc280b3216c9ca7e95be4df68471fe62
SHA512

646a11530a4b2dded02adbce85bc983ab4393439d492c280fb7d7f3b02d98435d8b556f93f78a933c82727c6b9659dfe7100aee58d21f9d1d0f34e5926480da3
SSDEEP

3072:5wJ52Y7ZoH5XJatWmnqEDwyjgTXhzKdQbBgvJ9n791C5sY:5wHysscE5ThXbB27h1qsY

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  Trojan-Ransom.Win32.Aura.ba-0b0493f79ccafb9affef92f4224fb0a3dc280b3216c9ca7e95be4df68471fe62
- Size
  
  146KB
- MD5
  
  3d78c641051fbdbb8bc5824d9aa8e000
- SHA1
  
  5111128541687de386e426e8767b25e05fc2c4fa
- SHA256
  
  0b0493f79ccafb9affef92f4224fb0a3dc280b3216c9ca7e95be4df68471fe62
- SHA512
  
  646a11530a4b2dded02adbce85bc983ab4393439d492c280fb7d7f3b02d98435d8b556f93f78a933c82727c6b9659dfe7100aee58d21f9d1d0f34e5926480da3
- SSDEEP
  
  3072:5wJ52Y7ZoH5XJatWmnqEDwyjgTXhzKdQbBgvJ9n791C5sY:5wHysscE5ThXbB27h1qsY
Score

9^/10

evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2