Overview

overview

9

Static

static

Chater_Rqs... 4.exe

windows7-x64

5

Chater_Rqs... 4.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Chater_Rqst_rh_0.4.1 4.exe

  • Size

    1.7MB

  • Sample

    230106-lbvhdsbc2z

  • MD5

    fc0ef831ee6dcd34f1cc1e3b484b139b

  • SHA1

    c864404fddc9e946a52cbc4c54c1b450e70d76b0

  • SHA256

    2a99f25f4212f53d7479bfb140c572ca9f44394fbc4817743b1338cddf95a2d6

  • SHA512

    6438c021d82def59fd9aa087e301c0ebafd9dfadc59ba4cc645c92634d19040426159357654f11614bcb649c8da51cc1f4f3e264d3be87472c4e3ef70308c0a7

  • SSDEEP

    24576:eK5eCX7JpFCcuBLN/TrReV1sHXLgAE4SDExTwoOFzJg4J2Yq1/FcULgBi/E7V+AR:ejTfecT3OuYq12UqIg

Score
9/10
evasion

Malware Config

Targets

    • Target

      Chater_Rqst_rh_0.4.1 4.exe

    • Size

      1.7MB

    • MD5

      fc0ef831ee6dcd34f1cc1e3b484b139b

    • SHA1

      c864404fddc9e946a52cbc4c54c1b450e70d76b0

    • SHA256

      2a99f25f4212f53d7479bfb140c572ca9f44394fbc4817743b1338cddf95a2d6

    • SHA512

      6438c021d82def59fd9aa087e301c0ebafd9dfadc59ba4cc645c92634d19040426159357654f11614bcb649c8da51cc1f4f3e264d3be87472c4e3ef70308c0a7

    • SSDEEP

      24576:eK5eCX7JpFCcuBLN/TrReV1sHXLgAE4SDExTwoOFzJg4J2Yq1/FcULgBi/E7V+AR:ejTfecT3OuYq12UqIg

    Score
    9/10
    evasion

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks