General

  • Target

    fc40759c6c1a3c4323fd4606b42fa9f62c464bc7fbf8c007825ba396a90bd885

  • Size

    1.2MB

  • Sample

    221123-m5bg2sba3w

  • MD5

    1e71203a252c31cfc27e34c351b072bf

  • SHA1

    d2f5b1f3793d2057e9e071ee8eb19884f894f6a1

  • SHA256

    fc40759c6c1a3c4323fd4606b42fa9f62c464bc7fbf8c007825ba396a90bd885

  • SHA512

    b3d3521e6f1b3cf003a73f71c2e8223bd591aaae301b97bb092e9afcf38e8e7e182012b6fefbe490ecc8c7d7bb6d0b17e7fc9102a2b0f4ee6c281562f9e59c66

  • SSDEEP

    24576:Q379axq2gMaFYZczsxM9p+lUUja/Gbmh8oFYKYh6hFsciYqDtYg1T+:ZqlMHSUl4uK6oFYK+SHtqDvU

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks