General

  • Target

    c5083e43d361bd7dc6ebe9f9c4a99f329e85dbf0a63d746ebd1072d54964915e

  • Size

    1.3MB

  • Sample

    221123-m5frrsfh23

  • MD5

    1569e70c0709b2ed6e8344f99cb38da1

  • SHA1

    e350033a14953796b3b891c0c05af3a22ac6dc2b

  • SHA256

    c5083e43d361bd7dc6ebe9f9c4a99f329e85dbf0a63d746ebd1072d54964915e

  • SHA512

    33394d2ee282e76c5829cc5c6eebb8f80c89fae1e8b00ed3559274bfff5cfff5918214479d4cf2872170452cfd170c8956585d7dfcf900fba21f0f4611d6847e

  • SSDEEP

    24576:Wdj7CY4MX37grFZMnC5PNqHzB4zjSb3MztL3Ocr8NkpkmIwXPZMFOXGP:Wdj7qK3yx5P6zBOjSb3Mzt7z1ktoPEBP

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks