Overview

overview

9

Static

static

winprofile

windows7-x64

9

winprofile

windows10-1703-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce53424db115fa951e62000ecfd0986fc5a141b1b4b0e5f8c213dafcf365e720

  • Size

    5.6MB

  • Sample

    221124-ejb8fsah5x

  • MD5

    ec52fc8c8d6c3b1e423d02b429818787

  • SHA1

    b38d428a63d959a95ef296ef52218e7bcbf49d9b

  • SHA256

    ce53424db115fa951e62000ecfd0986fc5a141b1b4b0e5f8c213dafcf365e720

  • SHA512

    5035ebea06bb4c2739aaa8421d07b93e4e96b87776f272a1e36892f6392b7ad60eba1eab0bdc0584cddbbd88873af736032462491fd0439ae625cd345fd5df92

  • SSDEEP

    98304:8fFQB3bYB9iogdtQoWIZYaRK9u2s3suPJF+U2ceIzxIbkV+VRn4+GX7f6wnz6PMq:8fFQF+9io4II/GlXq4bcXzx/+X4pr6QO

Score
9/10
evasionspywarestealertrojan

Malware Config

Targets

    • Target

      ce53424db115fa951e62000ecfd0986fc5a141b1b4b0e5f8c213dafcf365e720

    • Size

      5.6MB

    • MD5

      ec52fc8c8d6c3b1e423d02b429818787

    • SHA1

      b38d428a63d959a95ef296ef52218e7bcbf49d9b

    • SHA256

      ce53424db115fa951e62000ecfd0986fc5a141b1b4b0e5f8c213dafcf365e720

    • SHA512

      5035ebea06bb4c2739aaa8421d07b93e4e96b87776f272a1e36892f6392b7ad60eba1eab0bdc0584cddbbd88873af736032462491fd0439ae625cd345fd5df92

    • SSDEEP

      98304:8fFQB3bYB9iogdtQoWIZYaRK9u2s3suPJF+U2ceIzxIbkV+VRn4+GX7f6wnz6PMq:8fFQF+9io4II/GlXq4bcXzx/+X4pr6QO

    Score
    9/10
    evasionspywarestealertrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks