601b112502f810f643b1c87b245f50533b472c13d87e69c187ce46daefe63bcf | Triage

Sharing

General

Target

LolScriptV13.1.rar
Size

24.6MB
Sample

230207-ap8rdsgf37
MD5

5a34f26a9d49e00068104813b4c2475f
SHA1

25de31f845d716ddeb1498f276d873202d856a1a
SHA256

601b112502f810f643b1c87b245f50533b472c13d87e69c187ce46daefe63bcf
SHA512

63e71f9878e8e17977a917c49f27f06c4a6d7d06a698e740565d2eb19b90351066943309b43a91403fb5e2a45a3aff67a915e4744f27f0e90fae74f39e27c558
SSDEEP

393216:KKkDiTrj3BCbswubHx3jcRCx7z4zvPVBJdnbjPvgTgRHmNdc1CGJZk6bRVqKnz84:KKkmTnD+RCtovPjvnPTB0k/qnKIWb8Mz

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  LolScriptV13.1/LolScriptV13.1/LolScript/LolScript.exe
- Size
  
  11.0MB
- MD5
  
  15f8670edce8902831bf9541c8749e90
- SHA1
  
  bcb53912c22a7328e3ead74b5dd01400d6ee5536
- SHA256
  
  f8bae3cd04ff1b52391dc3c62f5e47a44be2271dcba9964290ce5f81b0e32e85
- SHA512
  
  8ce3d82ffa17d5e1a15f37f08f0af54a86e9100806dda7c099e1758fff41c9a60b0658e93cbeec0465e70280296ef545054d1d3927fdbcd6468361528fb8c5fc
- SSDEEP
  
  196608:QsKmZRO75oqIqZzeYZ14asm96c0p7rUMNsMC/pb4jKooMFteo4XTi22MXW1jAiJn:QsXZIPIaR+UGxrpNsM2pb4jK1osTi20P
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2