2c3b137c37ce89d90d4d2ccfbbbff75cbbe481826e9cde30da878c1a21d0fd20 | Triage

Sharing

General

Target

2C3B137C37CE89D90D4D2CCFBBBFF75CBBE481826E9CDE30DA878C1A21D0FD20
Size

477KB
Sample

221123-r2sz5sdb4z
MD5

5fb401014ed0f36731437da191566335
SHA1

c0a112a2045d1e8403b76830061eda4aafc75feb
SHA256

2c3b137c37ce89d90d4d2ccfbbbff75cbbe481826e9cde30da878c1a21d0fd20
SHA512

c647baac5f3ea9a9ce74a810a45f16466994309c722f632497096b59f2d9c18c8c5fc1ef96673a850d8602f171f90272c1e7d38a10e820d36ca2eb0613477cd6
SSDEEP

12288:pRABov2zpavhPEnFzhYDY/a/Wp8VlY0X1BX:PbiEh8nxhMNWSjYe

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  statement of account.exe
- Size
  
  735KB
- MD5
  
  a6a3ecf77a3d0e0b2f7dd19e4691a19c
- SHA1
  
  9cfd00df00e644b7a5b4851127079c562662249f
- SHA256
  
  1b01ebd8c54832e5f83263a30d9d26a666123600cf8b4c91977aa0f6515a3ea5
- SHA512
  
  bd1fb3634cd08ddb77fadbadd9bee7b5160c90aecfd2a41ae3c10e3b126cab0cc4596b10a79571ffc4cca30b4653b2c0e2888d5ac69d9d2f96cc004801cb2de6
- SSDEEP
  
  12288:iUvhjbjl2pl3dcr2iNwgwgj+I8/O+utVWfV1TTmJr:9Y8r1GgPj+I8/O+gueJr
Score

9^/10

evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2