General

  • Target

    40e88b99a6b03c16111987fa7aaf98cbb564055f2d822aa213b497ec70232c18

  • Size

    3.4MB

  • Sample

    230314-dgfmesfb6t

  • MD5

    a4156d3baec30f5866d6a2403b9341d5

  • SHA1

    62820b126f3c67487904729897e17ef7bd4e3417

  • SHA256

    40e88b99a6b03c16111987fa7aaf98cbb564055f2d822aa213b497ec70232c18

  • SHA512

    3a4e5cac114ed6d9a9fa10ccc1165322e7bfebae19794da69f65f1b9479ef7d74e4bffb2ad1e1aa173a7fc8a04b97a2f1cf465f73d6e3593dcf3c3d9c2cd3ac8

  • SSDEEP

    98304:lmwMi6hqm+mXHkTiGDsAsQJEwky5CXjcM0Jhv8jYhz:lmRhfv3DG4+vsXjcM0zv8jS

Malware Config

Targets

    • Target

      40e88b99a6b03c16111987fa7aaf98cbb564055f2d822aa213b497ec70232c18

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Modifies file permissions

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the UPX open-source packer (section names and the UPX stub usually survive such modifications).

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext
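
Two of the signatures above, "UPX packed file" and the VirtualBox ACPI / BIOS registry checks, can be reproduced offline with a small triage script. The following is an added example written for this page; it is not code from the sandbox report or from the analysed sample. It assumes a PE on disk (a minimal header is constructed inline for the demo) and an API trace in a constructed one-call-per-line `API PATH` format; the function names `pe_section_names`, `looks_upx_packed`, `anti_vm_registry_hits` and `signatures` are this example's own. The registry paths are the well-known VirtualBox ACPI table keys (OEM id `VBOX__`) and the BIOS string values under `HKLM\HARDWARE\DESCRIPTION\System`.

```python
"""Offline checks for two signature families from a sandbox report:
UPX packing (via PE section names) and VirtualBox/BIOS registry probing
(via an API trace). Added example; constructed inputs, see build_min_pe
and SAMPLE_TRACE."""
import re
import struct

# --- UPX detection by PE section names --------------------------------------
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if the bytes are not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # COFF file header (20 bytes)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt             # section table follows optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                 # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                            # truncated header: stop, do not guess
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX and most light modifications of it keep the UPX0/UPX1 section names."""
    return bool(set(pe_section_names(data)) & UPX_SECTION_NAMES)


def build_min_pe(section_names) -> bytes:
    """Constructed minimal PE: DOS header, PE signature, COFF header with an
    empty optional header, bare section table. Not loadable; header-only demo."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


# --- VirtualBox ACPI / BIOS registry probing in an API trace -----------------
# VirtualBox exposes ACPI tables whose OEM id is "VBOX__"; BIOS strings live
# under HARDWARE\DESCRIPTION\System. Both are classic anti-VM lookups.
VBOX_ACPI_RE = re.compile(r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_VALUE_RE = re.compile(
    r"HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)\b",
    re.I)
REG_APIS = ("RegOpenKey", "RegQueryValue", "NtOpenKey", "NtQueryValueKey")

# Constructed trace lines (assumed "API PATH" format), not from the real sample.
SAMPLE_TRACE = [
    "RegOpenKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    "RegOpenKeyExW HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__",
    "RegOpenKeyExW HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__",
    "RegQueryValueExW HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion",
    "RegQueryValueExW HKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion",
    "CreateFileW C:\\Users\\Public\\dropped.exe",
]


def anti_vm_registry_hits(trace_lines) -> list:
    """Return (category, path) for each registry call that probes VBox ACPI
    tables or BIOS strings; non-registry calls are ignored."""
    hits = []
    for line in trace_lines:
        api, _, path = line.partition(" ")
        if not api.startswith(REG_APIS):
            continue
        if VBOX_ACPI_RE.search(path):
            hits.append(("virtualbox_acpi", path))
        elif BIOS_VALUE_RE.search(path):
            hits.append(("bios_info", path))
    return hits


def signatures(pe_data: bytes, trace_lines) -> list:
    """Map the findings onto the report's own signature wording."""
    out = []
    if looks_upx_packed(pe_data):
        out.append("UPX packed file")
    cats = {c for c, _ in anti_vm_registry_hits(trace_lines)}
    if "virtualbox_acpi" in cats:
        out.append("Identifies VirtualBox via ACPI registry values")
    if "bios_info" in cats:
        out.append("Checks BIOS information in registry")
    return out


if __name__ == "__main__":
    packed = build_min_pe([b"UPX0", b"UPX1", b".rsrc"])
    for sig in signatures(packed, SAMPLE_TRACE):
        print("-", sig)
```

Section names are a cheap first pass only: a packer that renames its sections will slip past `looks_upx_packed`, so pair it with entropy or an import-table check before trusting a negative. For real traces, adapt the `API PATH` parsing to the sandbox's own export format; the regexes themselves are the portable part.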

MITRE ATT&CK Enterprise v6

Tasks