General

  • Target

    Payment advice.zip

  • Size

    612KB

  • Sample

    230125-l83v2ahd2t

  • MD5

    fbc616e48a9bf3df5358dc4b7091cd50

  • SHA1

    3d2cf7ff523b5f81cebf93e683608b88063627d6

  • SHA256

    6f517346dda6fb2c2ebb5daa79accf165e866ec394a3bec9983b96a372cdfcda

  • SHA512

    1530fe86d5df0a510f407e86f3aa7344efa0b6935bd3bdad23a65516a2f57d1712ef34593b27e789a472116e2762c1743aeb4c017b58e63acd57ac5252c4da2a

  • SSDEEP

    12288:tYd2/E5EXG+SF8zOqW5t86xhjeXvnafEOBr52ox1fpiCQmtxYDJUJt:tYd2s0k8dW5t86ufMDrrlLiq

Score
9/10

Malware Config

Targets

    • Target

      Payment advice.exe

    • Size

      664KB

    • MD5

      c59007226b76f19d81731c274478a91f

    • SHA1

      226308c36c0a4f7b63a46e470f0d79c217c03a07

    • SHA256

      c2d1359274d63fa192cfa5e08e73328b47170d2be743dee89bae0555eef65ace

    • SHA512

      0b15bfbdab99569764d7ed50328c73761cb44c8def6081693abf0ff91aab0d202d80c286b9c7422700dea8844890c2ee76f790b93116b4274353e678eb3ee343

    • SSDEEP

      12288:20Q4KjkKYrubiXG+IF8zIqW5temxhjejvnapEOfr52oj1fpiC0mn/Yic4:oolr6Ue87W5tem2jAlr5lVwic4

    Score
    9/10
    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Command-Line Interface

1
T1059

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Modify Registry

1
T1112

Discovery

Query Registry

4
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Tasks