2a8700bc4ec8940caacd809d6836a68eac69cd8115cf2057cc4f263cd0ef668d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Desktop.rar
Size

6.8MB
Sample

221204-lb4q3afa82
MD5

562ae49d1ab1ca30d8aed7cd1e28bfa2
SHA1

e025cecf4b03eac7b6350da218b8950dee45e0dc
SHA256

2a8700bc4ec8940caacd809d6836a68eac69cd8115cf2057cc4f263cd0ef668d
SHA512

fb6214bfaaf28b61ca282720b28239f4937c29637d027f82f86ac99bdfbd5e9a9304861d32451c6520d0ef3be680483a1b5036c5af967f3b3747ba78861d6bbb
SSDEEP

196608:R+NghVNnEjx1E/E2UODsp+Xw0uSXulhrvFZz:WghfEInDgj0uS+hpZz

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  ID_EBTXV-Ar_ES6a1Sj0.exe
- Size
  
  13.6MB
- MD5
  
  c2ae27b92b481f1abdd24640679ad884
- SHA1
  
  88385e8e1ac88dff263e1edb86e187569be6c0b4
- SHA256
  
  62697eded6b42b898ab217eb486c7a9ab0f9a46deeafe4cd7536b13774977b11
- SHA512
  
  6394d18ef125497b5a73d90bc2ce81e3f7d4ba9a8f8562e24f68e9728e8ff0e95c8e8e16dff9d8a426e1a69c9592746923a9626efd2d0bca8f8cf8633a3d91a4
- SSDEEP
  
  393216:Fp1La6D1s11U11MlF911U11UhoI11U11osLoT4ACZEMwwWDD:gELPmjD
Score

9^/10

evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2