4125defe095eee3c1811a62a83c559602d0041d300a8e73ac0bb43b6e9de1db3 | Triage

Resubmissions

21-11-2022 17:51

221121-we5smseh9y 10

21-11-2022 17:35

221121-v551naef4s 9

Sharing

General

Target

BABB5BC09EFE7D42910D7504AC7F688F.fil
Size

8.6MB
Sample

221121-we5smseh9y
MD5

babb5bc09efe7d42910d7504ac7f688f
SHA1

a31961b8d0788212653815b897461b27b28760ae
SHA256

4125defe095eee3c1811a62a83c559602d0041d300a8e73ac0bb43b6e9de1db3
SHA512

d3bd647cfed02f6efbd3fa9a85fd27b2e86d8c678a256f23a007af08597657793790e37c4fbd00e22a0d4e864361ff589532ea5f38f1590cc6b5b723a7d461ab
SSDEEP

196608:28RdIDarx4UQ3tYMkZfn90quXSlnz8eryfu5m0iJ0VOLAwu:5etY/Zf90quXSljrH5mPJJAb

Score

10^/10

evasion phishing trojan

Malware Config

Targets

- Target
  
  BABB5BC09EFE7D42910D7504AC7F688F.fil
- Size
  
  8.6MB
- MD5
  
  babb5bc09efe7d42910d7504ac7f688f
- SHA1
  
  a31961b8d0788212653815b897461b27b28760ae
- SHA256
  
  4125defe095eee3c1811a62a83c559602d0041d300a8e73ac0bb43b6e9de1db3
- SHA512
  
  d3bd647cfed02f6efbd3fa9a85fd27b2e86d8c678a256f23a007af08597657793790e37c4fbd00e22a0d4e864361ff589532ea5f38f1590cc6b5b723a7d461ab
- SSDEEP
  
  196608:28RdIDarx4UQ3tYMkZfn90quXSlnz8eryfu5m0iJ0VOLAwu:5etY/Zf90quXSljrH5mPJJAb
Score

10^/10

evasion phishing trojan
- Detected phishing page
  phishing
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionphishingtrojan

behavioral2