General

  • Target

    880794428aa079470f22d4145a75b50eeb4ec97454c132447588dd20660958ac

  • Size

    225KB

  • Sample

    221123-m6crhafh74

  • MD5

    a2cdcc3501a397c391f9ec39d692b4ef

  • SHA1

    b0f181f4df82a5b4f88d17934a775af7ab68442b

  • SHA256

    880794428aa079470f22d4145a75b50eeb4ec97454c132447588dd20660958ac

  • SHA512

    5b988fac79b50dc94002cbc78d52a6177450ea16bb12e3e43d42e0d3bee3656436857056b120e5de365d6dbe47085890d41c32d676ed09341e1b68c5d261a851

  • SSDEEP

    3072:mgXdZt9P6D3XJReqwKN+BCWNfi8PHeqLRYipbBOnrIIUV54HpeVN3Pd+KkrFDrm6:me34VwKuNqALJOeV5ZN/d8fOG

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks