4e134ea499396ea639191c9d43133b11f3a3f7beec98438f0d5174cf24b730ff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

GooglePremiun.exe
Size

5.4MB
Sample

221228-wjvhgaba88
MD5

2c4dcb97d35e145c1fd6dd464a59c3f3
SHA1

f0bbdd8f987501355e314a373d2ad59fd4c415f0
SHA256

4e134ea499396ea639191c9d43133b11f3a3f7beec98438f0d5174cf24b730ff
SHA512

2d3149cb249efc432e2254bdff01ae71856d360e73bd870a616f39ada27c3c9846c59f42b9f8258e11682ec7cba63e1509e43a78b919c1de87bc9ae935d259d6
SSDEEP

98304:zunUYfEDuqky47DZUdtd6pVsi5JsavYh0VKVSI5aFZE2V5pSuwo6ZdfK4sDgwa:SUsTkiD2dtSIavYqI0I5cZfXpHx6ZT

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  GooglePremiun.exe
- Size
  
  5.4MB
- MD5
  
  2c4dcb97d35e145c1fd6dd464a59c3f3
- SHA1
  
  f0bbdd8f987501355e314a373d2ad59fd4c415f0
- SHA256
  
  4e134ea499396ea639191c9d43133b11f3a3f7beec98438f0d5174cf24b730ff
- SHA512
  
  2d3149cb249efc432e2254bdff01ae71856d360e73bd870a616f39ada27c3c9846c59f42b9f8258e11682ec7cba63e1509e43a78b919c1de87bc9ae935d259d6
- SSDEEP
  
  98304:zunUYfEDuqky47DZUdtd6pVsi5JsavYh0VKVSI5aFZE2V5pSuwo6ZdfK4sDgwa:SUsTkiD2dtSIavYqI0I5cZfXpHx6ZT
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2