Overview

overview

10

Static

static

СЧЕТ-�...14.scr

windows7-x64

10

СЧЕТ-�...14.scr

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8f9b12d8518bff659a4d842d42a300ef4c84d77e812d15c9fb67c1e8fa903df5

  • Size

    2.5MB

  • Sample

    221123-xr4xjsah2v

  • MD5

    ac53cfacf112c4c9a89ee23b9ab90a28

  • SHA1

    8c94ef7630e751244c4e25e9137917919dcbd011

  • SHA256

    8f9b12d8518bff659a4d842d42a300ef4c84d77e812d15c9fb67c1e8fa903df5

  • SHA512

    857cccbd52ede3859e8830050830eeec215b20b5c69863b68bb4f77c516f9e8dde9fbc3a5525c6856517eb9bee774e85482a005b0d0e85d30b4e1596e97e442a

  • SSDEEP

    49152:t6Brb9CO8E9O336/faXLVOsqo4f5SMi07X13NJ8aznkWDVZEDBE5N6ETtYg4f:tirJa8OH7bVtbMioP8aznkW15NDuXf

Score
10/10
banloaddownloaderdropperevasiontrojan

Malware Config

Targets

    • Target

      СЧЕТ-ФАКТУРА № 000835 от 26.08.2014.scr

    • Size

      2.9MB

    • MD5

      68cbf4a764bd3da616b6426f8ee2fd42

    • SHA1

      69deb224d550f4589e10170005ad862748964b9a

    • SHA256

      be1363a19716c5e32da206ba6dcca80681152a91d67379128352655d0317b775

    • SHA512

      0b511fb4cd3bf5df846f48faf062f1245dc79697429a64d7c4854554ef088bfc36fa6ce3328eadd468e52a3f90d4775796ede7506e361a9051b149a3170d9d71

    • SSDEEP

      49152:zMtQqMq0Yya4SOHZ3+TFTdclL/4J8200q5VWy7EeNmpQ1qocB+t/5m/hN/cM/q7P:otQLLY73OH0dclL/4JoPtQAmpQ1qoc2V

    Score
    10/10
    banloaddownloaderdropperevasiontrojan

    • Banload

      Banload variants download malicious files, then install and execute the files.

      trojandropperdownloaderbanload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks