Overview

overview

10

Static

static

Videos_fot...33.exe

windows7-x64

10

Videos_fot...33.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    44b10304d78683ddb026960a0d7567439388499d0c7fb82ddd26543e2170cb82

  • Size

    851KB

  • Sample

    221123-vxll2sdb8t

  • MD5

    13f61a50e3fa4090afe0820e96a40d53

  • SHA1

    a1e14e2e4c3a8ce1652a0486cdff3cdca4c4e981

  • SHA256

    44b10304d78683ddb026960a0d7567439388499d0c7fb82ddd26543e2170cb82

  • SHA512

    76d378d1b598a1cffe68b4727ca815029100f5576db8a127c56a9425a67393e9583bc27cee4bb4157061812c96037dfabb2ebf9bcaac1aab7d8b960d22356157

  • SSDEEP

    24576:eb6DNkj01lwTvzgfwatVykkqLxqkvDYOn1:a0401lkg1mqLgYDY+1

Score
10/10
evasion

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.homevirtua.dominiotemporario.com
  • Port:
    21
  • Username:
    homevirtua
  • Password:
    10203040oi

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.homevirtua.dominiotemporario.com
  • Port:
    21
  • Username:
    homevirtua

Targets

    • Target

      Videos_fotos_dow_mulheres_lindas_da_net8790328733.exe

    • Size

      888KB

    • MD5

      320043506d947a4a10cede56e2fd6a17

    • SHA1

      531f48e46e2aa59d4e326dfb4d97bbfcd047d054

    • SHA256

      7717a4cd9f7425cc69ce95d682d59af1f519b60981d198dbc0e4ee80c08a8daf

    • SHA512

      9126ca0a300516a214b5e45c06831af0f25a539a3cf7c427007b03a92cb8be767d13b5ae9f2ab0597bb1181b44c10c05bfb94d3bb863ca4bbe647b3433632d65

    • SSDEEP

      12288:SJkRpc6Q+qXScvMuAs0eb71hBpj5SbSh8Z01vjjWfb+OO0Lpeh2vQB0Xkk3JZF:2suT7Vv7BPSbSh6kCfq0L4a53JZ

    Score
    10/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

2
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks