c98631ac5f43c7b1d45fedc2c8d54696860b92ed73a28376c200508b4a67f697 | Triage

Sharing

General

Target

c98631ac5f43c7b1d45fedc2c8d54696860b92ed73a28376c200508b4a67f697
Size

159KB
Sample

221127-tnexgaed4y
MD5

f35d5b7f3334a3eea993547a319bd6cd
SHA1

dad10e0c1b97cf720e81a10edde8a468990ca140
SHA256

c98631ac5f43c7b1d45fedc2c8d54696860b92ed73a28376c200508b4a67f697
SHA512

7653eccb47378399d45ab6a8d19df73e1e1e3bb03d42db8dc2b83856b12e2255522cbc02084dd06b2f22602b0d0b82a28dda5e74c569fd7e8bab3fc0c0a47fd4
SSDEEP

3072:mVtnIr8svE4OoqSwL+avJ8se/CLtHFy4GXdjIMIXBEIx2Dcx:DbqS09LJFyPNjUXB5UG

Score

9^/10

evasion persistence

Malware Config

Targets

- Target
  
  c98631ac5f43c7b1d45fedc2c8d54696860b92ed73a28376c200508b4a67f697
- Size
  
  159KB
- MD5
  
  f35d5b7f3334a3eea993547a319bd6cd
- SHA1
  
  dad10e0c1b97cf720e81a10edde8a468990ca140
- SHA256
  
  c98631ac5f43c7b1d45fedc2c8d54696860b92ed73a28376c200508b4a67f697
- SHA512
  
  7653eccb47378399d45ab6a8d19df73e1e1e3bb03d42db8dc2b83856b12e2255522cbc02084dd06b2f22602b0d0b82a28dda5e74c569fd7e8bab3fc0c0a47fd4
- SSDEEP
  
  3072:mVtnIr8svE4OoqSwL+avJ8se/CLtHFy4GXdjIMIXBEIx2Dcx:DbqS09LJFyPNjUXB5UG
Score

9^/10

evasion persistence
- Looks for VirtualBox Guest Additions in registry
  evasion
- Executes dropped EXE
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2