ad2db44c66b5a514dbd6507d37d14666437794f26d80e7b56496eb85e50b1743 | Triage

Sharing

General

Target

ad2db44c66b5a514dbd6507d37d14666437794f26d80e7b56496eb85e50b1743
Size

142KB
Sample

221128-fh746sfh37
MD5

0bf1bcbe48b517b79c71232b987eed56
SHA1

466f91dfdf88f48cf2b305659d2a8f7210a25d96
SHA256

ad2db44c66b5a514dbd6507d37d14666437794f26d80e7b56496eb85e50b1743
SHA512

82fb8b8e913765d7ab8e1768f59cc8b6fbbda02b3900f0c10e2eb351a2efa6618a6aac45d14c2cee5a971384511c17e75d1919908b57ff3fa614e4c824ce305f
SSDEEP

3072:LehlJa7H1orX0GliLNyVOJsD5tVXAJOQE6O7:S9X0Glifcbx

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  ad2db44c66b5a514dbd6507d37d14666437794f26d80e7b56496eb85e50b1743
- Size
  
  142KB
- MD5
  
  0bf1bcbe48b517b79c71232b987eed56
- SHA1
  
  466f91dfdf88f48cf2b305659d2a8f7210a25d96
- SHA256
  
  ad2db44c66b5a514dbd6507d37d14666437794f26d80e7b56496eb85e50b1743
- SHA512
  
  82fb8b8e913765d7ab8e1768f59cc8b6fbbda02b3900f0c10e2eb351a2efa6618a6aac45d14c2cee5a971384511c17e75d1919908b57ff3fa614e4c824ce305f
- SSDEEP
  
  3072:LehlJa7H1orX0GliLNyVOJsD5tVXAJOQE6O7:S9X0Glifcbx
Score

9^/10

evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Executes dropped EXE
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2