General

  • Target

    bf531b94a7629ee1b3eae48f099eb51fa15063a5e5fc8295430c8d61cf3d3365

  • Size

    1.1MB

  • Sample

    221127-tmkfkaec7y

  • MD5

    041e3e55b83758f3b44a0df7372272a0

  • SHA1

    9f049daa24198025d2073f489883f6b2a9655a9e

  • SHA256

    bf531b94a7629ee1b3eae48f099eb51fa15063a5e5fc8295430c8d61cf3d3365

  • SHA512

    91a3f8d4accedd16bacbe13b58db11f22457c44d6bcd00d3bae34a6ac5a14a0f84396ac3c7be2ad6ea0fc3c4a3d6f898dee3d334833a29f151ea32c69edc1dec

  • SSDEEP

    24576://YkBHVvCojMG9KxZojBTfTpYAl9ku2SA+YW7JpgDq9JFaoOxxKYtbk2085w:XYkXj2AvpYAK9W7JCO9JULxnbkww

Malware Config

Targets

    • Target

      bf531b94a7629ee1b3eae48f099eb51fa15063a5e5fc8295430c8d61cf3d3365

    • Size

      1.1MB

    • MD5

      041e3e55b83758f3b44a0df7372272a0

    • SHA1

      9f049daa24198025d2073f489883f6b2a9655a9e

    • SHA256

      bf531b94a7629ee1b3eae48f099eb51fa15063a5e5fc8295430c8d61cf3d3365

    • SHA512

      91a3f8d4accedd16bacbe13b58db11f22457c44d6bcd00d3bae34a6ac5a14a0f84396ac3c7be2ad6ea0fc3c4a3d6f898dee3d334833a29f151ea32c69edc1dec

    • SSDEEP

      24576://YkBHVvCojMG9KxZojBTfTpYAl9ku2SA+YW7JpgDq9JFaoOxxKYtbk2085w:XYkXj2AvpYAK9W7JCO9JULxnbkww

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Enumerates VirtualBox registry keys

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Modify Registry

1
T1112

Discovery

Software Discovery

1
T1518

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

Tasks