4dc884fa819d6b9acbf4ea4e4d3e26e8e8613cc93de290ab8628e571d43efb31 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

4dc884fa81...31.exe

windows7-x64

9

4dc884fa81...31.exe

windows10-2004-x64

8

Sharing

General

Target

4dc884fa819d6b9acbf4ea4e4d3e26e8e8613cc93de290ab8628e571d43efb31
Size

177KB
Sample

221123-lkllvafa7v
MD5

306eeb997d07f5140ab2d5bf5472192a
SHA1

d34f3e346a232332095e54a0f33aa01513fd7516
SHA256

4dc884fa819d6b9acbf4ea4e4d3e26e8e8613cc93de290ab8628e571d43efb31
SHA512

a1c104156c5f64e8d93983db526d46e87dbc4c9ff8375db8f3bb94d88fe90c51a3999e1ddc8f47eab88a3245b1f093f070f644f8d081355c98451744eb53d6f8
SSDEEP

3072:oQIURTXJ3wyZQPKckaO2IpSD+b/xIUtCYY0mWskalU/ZgZApBvejrlvo1:osRwDy/i+dI3YY0mWs3diYjC1

Score

9^/10

evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4dc884fa819d6b9acbf4ea4e4d3e26e8e8613cc93de290ab8628e571d43efb31.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

4dc884fa819d6b9acbf4ea4e4d3e26e8e8613cc93de290ab8628e571d43efb31.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  4dc884fa819d6b9acbf4ea4e4d3e26e8e8613cc93de290ab8628e571d43efb31
- Size
  
  177KB
- MD5
  
  306eeb997d07f5140ab2d5bf5472192a
- SHA1
  
  d34f3e346a232332095e54a0f33aa01513fd7516
- SHA256
  
  4dc884fa819d6b9acbf4ea4e4d3e26e8e8613cc93de290ab8628e571d43efb31
- SHA512
  
  a1c104156c5f64e8d93983db526d46e87dbc4c9ff8375db8f3bb94d88fe90c51a3999e1ddc8f47eab88a3245b1f093f070f644f8d081355c98451744eb53d6f8
- SSDEEP
  
  3072:oQIURTXJ3wyZQPKckaO2IpSD+b/xIUtCYY0mWskalU/ZgZApBvejrlvo1:osRwDy/i+dI3YY0mWs3diYjC1
Score

9^/10

evasion persistence trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy