fe29a89f3cafdae3c78ba4b7eac1c98dcbf2b6077871e8149db8a815472fdd8f | Triage

Resubmissions

02-02-2023 19:16

230202-xy5sesef86 9

02-02-2023 19:03

230202-xqq93aec54 9

Sharing

General

Target

MalTester2.exe
Size

16.6MB
Sample

230202-xqq93aec54
MD5

e1606b69ee4e58966bc1d0b0db9c7d3c
SHA1

b9b266a20187f4d3649395545b92b86ec4982ca4
SHA256

fe29a89f3cafdae3c78ba4b7eac1c98dcbf2b6077871e8149db8a815472fdd8f
SHA512

0eeb924f1ab337b6421c09e7bae5c702ecea54e3acb2f8a800354f5362dfb440a7cd510af71b0b4285fb6f8d4c37b2911f9817e172a072421a789fbe025bb31b
SSDEEP

393216:3KUNe1XuxId9g4jMmKySPFZEH15EX8SvC2YhMo3Jkq3shsfp:39e1Xu29HKJPu15EFC2YpSq3qsfp

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  MalTester2.exe
- Size
  
  16.6MB
- MD5
  
  e1606b69ee4e58966bc1d0b0db9c7d3c
- SHA1
  
  b9b266a20187f4d3649395545b92b86ec4982ca4
- SHA256
  
  fe29a89f3cafdae3c78ba4b7eac1c98dcbf2b6077871e8149db8a815472fdd8f
- SHA512
  
  0eeb924f1ab337b6421c09e7bae5c702ecea54e3acb2f8a800354f5362dfb440a7cd510af71b0b4285fb6f8d4c37b2911f9817e172a072421a789fbe025bb31b
- SSDEEP
  
  393216:3KUNe1XuxId9g4jMmKySPFZEH15EX8SvC2YhMo3Jkq3shsfp:39e1Xu29HKJPu15EFC2YpSq3qsfp
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2