General

  • Target

    5c4b8bdd24dcff775296258025acdd2b65e0818102f9fa2df6ef2fa4a96794e7

  • Size

    182KB

  • Sample

    221123-m6mlpsfh88

  • MD5

    a349757a4ddb26e2a1b5c506b1f3a601

  • SHA1

    075a2a15e21a91b8482a0205cc071f76d3492065

  • SHA256

    5c4b8bdd24dcff775296258025acdd2b65e0818102f9fa2df6ef2fa4a96794e7

  • SHA512

    51773a2a069c7ef6549db62daf9d7c825c46c1020322f1cc7b43efb12307c0633e1b63f93596eacb57f5f00c661e1827fe87582e7e14e3a50935ece3f730ee57

  • SSDEEP

    3072:JQIURTXJKeqgKJ+BCjHr1IABx6bYQaYWJu8DJldkZPKz/vz79Lqo1Wi5RLOP7Uq7:JsogKGABobBogygPKb9+o0iTcND4kJ

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks