b03ab81fd715e5f63720ecfeaefe4cce0aa1a4e455964bf5f3cfc7728db5a236 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

b03ab81fd7...36.exe

windows7-x64

9

b03ab81fd7...36.exe

windows10-2004-x64

9

Sharing

General

Target

b03ab81fd715e5f63720ecfeaefe4cce0aa1a4e455964bf5f3cfc7728db5a236
Size

296KB
Sample

221126-zdfnxafh6x
MD5

5ba8c5594acd396176fd2d5b7bb8af6b
SHA1

437753354ad6ffe383882e4d85089a887c5c6e32
SHA256

b03ab81fd715e5f63720ecfeaefe4cce0aa1a4e455964bf5f3cfc7728db5a236
SHA512

977ac03d5766b5c1162c7624765b1716b76dadac8820c2c0c257dc02645eb97dcedd775859b4030d3119a0a3f54346d7f7cbb5adb04a2a607adeb9884e927d1d
SSDEEP

6144:KdAUtnJuC7JjSQ7Ek1t29xZb4fuusuOHW8tcm+kgnW2iCnroS4blBNvUsFmo:Ebn8C7JmnxZbeu4CWIv+kUvsD/NvUsF1

Score

9^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b03ab81fd715e5f63720ecfeaefe4cce0aa1a4e455964bf5f3cfc7728db5a236.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b03ab81fd715e5f63720ecfeaefe4cce0aa1a4e455964bf5f3cfc7728db5a236.exe

Resource

win10v2004-20221111-en

evasion persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  b03ab81fd715e5f63720ecfeaefe4cce0aa1a4e455964bf5f3cfc7728db5a236
- Size
  
  296KB
- MD5
  
  5ba8c5594acd396176fd2d5b7bb8af6b
- SHA1
  
  437753354ad6ffe383882e4d85089a887c5c6e32
- SHA256
  
  b03ab81fd715e5f63720ecfeaefe4cce0aa1a4e455964bf5f3cfc7728db5a236
- SHA512
  
  977ac03d5766b5c1162c7624765b1716b76dadac8820c2c0c257dc02645eb97dcedd775859b4030d3119a0a3f54346d7f7cbb5adb04a2a607adeb9884e927d1d
- SSDEEP
  
  6144:KdAUtnJuC7JjSQ7Ek1t29xZb4fuusuOHW8tcm+kgnW2iCnroS4blBNvUsFmo:Ebn8C7JmnxZbeu4CWIv+kUvsD/NvUsF1
Score

9^/10

evasion persistence
- Looks for VirtualBox Guest Additions in registry
  evasion
- Executes dropped EXE
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2024

Terms | Privacy