General

  • Target

    e88ff50269a6ce98b53e4d07d536298de7c57bb47d07dc96a0ff8d3cbe3a61a5

  • Size

    24KB

  • Sample

    221227-fp6vpaec59

  • MD5

    c27c64b3486d60f8efef2e10275faa02

  • SHA1

    af8a9089ed5983b07b2dfa93726a89e9aaec5958

  • SHA256

    e88ff50269a6ce98b53e4d07d536298de7c57bb47d07dc96a0ff8d3cbe3a61a5

  • SHA512

    2d168d3ff62ac7e2d42a842592b589eff5d50edf6402a51fb778f37d0eb8c5f00ff5aa6a2029ddf54ccabc23889160ef454178839eb472877e9a487bb0d85787

  • SSDEEP

    192:dJw/Pr9rzr3YnwiEKag81razNTPYOVO6qIUoynny2syRsSW0/g6K:jw/jpHowiCg8Bq9Pqdty2s6

Score
10/10

Malware Config

Targets

    • UAC bypass

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6
