Overview

overview

9

Static

static

1

4213ds/u3yUAGt07i.exe

windows7-x64

9

4213ds/u3yUAGt07i.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    full.rar

  • Size

    26.5MB

  • Sample

    230207-awy6jabh2s

  • MD5

    6d07b41848fd2b20117f5a71feedc8db

  • SHA1

    eaa67d618cd2cf8ca8e7f95a558cb05aa7b76a7b

  • SHA256

    fd7329ac9e8111fd954f2bb8abf49d684265a5de8325b7e7e4ca640ce9f8eadd

  • SHA512

    6e12bc4e4e9a11d1ee610970f34a150eead20a1cfbe0757fa60caa7fc9f4ef826fd0accb6868027f962ce131fe3460377f998fd6d20dab52bb08a878299b0770

  • SSDEEP

    786432:FdTpV12GHKfV1Qo4ptApCbvaiRAHpk5bEdyYhdeJAC:Fd1VzKt1QftECjbQpQEXC

Score
9/10
evasiontrojan

Malware Config

Targets

    • Target

      4213ds/u3yUAGt07i.exe

    • Size

      12.9MB

    • MD5

      7791d25acbf4b6e03392aad4cbaf93a0

    • SHA1

      afd50ed24e2dcb8ffd128c22e8e526870e065a04

    • SHA256

      8e46242657a4a84d31840341fb023d4c08b053e0f4329e3d837b1cb5d22e1708

    • SHA512

      72479d19d91e7410dc80d77314243f2b087ff02abd2224bd28112e79eb75e94c31d1f0382ceefe1be911be392e171f0b59b303b8eb76aefb4eadfb769a5c206c

    • SSDEEP

      196608:/ntHA/J/KgW9znu4MUwN0OdER9P9zjBgOiPp97rMAfZ+WL9kdAe9XWc:/tSJCZ9znMJN0OdUnHBgZHr54WLedAWN

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks