General

  • Target

    8d4a5ac25c8042aefee4923b998396cf5616516279c39a54a7527fda5f63a6d5

  • Size

    3.4MB

  • Sample

    230315-aydydaaf87

  • MD5

    d27af446e4cb6e3459270257615254a8

  • SHA1

    37270fb5f75b2c40b48c5ffc7fe2f245674aecea

  • SHA256

    8d4a5ac25c8042aefee4923b998396cf5616516279c39a54a7527fda5f63a6d5

  • SHA512

    d36411fb40ff40341248a23b6822242067cc9c9605a3edde2e56bd25970271d0bcb4f0ebfa9e4f6ddf60f0930877fef12ceb70dd2889e6fb428c782d85a70310

  • SSDEEP

    98304:+na5Gkonx+t5bHJmSwD2jCgQIr/84IVuTPYFw:4a5InxsjmTK+gQIjCw3

Targets

    • Target

      8d4a5ac25c8042aefee4923b998396cf5616516279c39a54a7527fda5f63a6d5

    • Size

      3.4MB

    • MD5

      d27af446e4cb6e3459270257615254a8

    • SHA1

      37270fb5f75b2c40b48c5ffc7fe2f245674aecea

    • SHA256

      8d4a5ac25c8042aefee4923b998396cf5616516279c39a54a7527fda5f63a6d5

    • SHA512

      d36411fb40ff40341248a23b6822242067cc9c9605a3edde2e56bd25970271d0bcb4f0ebfa9e4f6ddf60f0930877fef12ceb70dd2889e6fb428c782d85a70310

    • SSDEEP

      98304:+na5Gkonx+t5bHJmSwD2jCgQIr/84IVuTPYFw:4a5InxsjmTK+gQIjCw3

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      On a VirtualBox guest the ACPI table keys under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT) carry a VBOX__ OEM identifier; reading them is a common VM check.

    • Checks BIOS information in registry

      BIOS version and date strings under HKLM\HARDWARE\DESCRIPTION\System are often read to fingerprint sandbox and virtual-machine environments.

    • Executes dropped EXE

    • Modifies file permissions

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Checks whether UAC is enabled

      Typically a read of the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, used to decide whether an elevation prompt is expected.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used with process hollowing or other injection to point a suspended thread at injected code.
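The three registry-based signatures above (VirtualBox ACPI keys, BIOS strings, UAC policy) can be reproduced from a registry-access trace. The script below is an added example, not the sandbox's own rule set: the event lines are constructed, the "pid api key" line format is an assumption, and the key patterns are the well-known locations these checks read rather than the sandbox's exact rules.

```python
"""Classify registry reads from a detonation trace into the sandbox-style
signatures listed above. Added example; the trace lines are constructed."""
import re
from collections import defaultdict

# Registry locations each signature keys on (assumption: a sandbox's own
# rule set may cover additional keys). Matched case-insensitively, as the
# registry itself is.
SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)": [
        r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
    ],
    "Checks BIOS information in registry": [
        r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
        r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$",
    ],
    "Checks whether UAC is enabled": [
        r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA$",
    ],
}

# Constructed trace in an assumed "<pid> <api> <key>" format.
EVENTS = r"""
1234 RegOpenKeyExW HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
1234 RegOpenKeyExW HKLM\HARDWARE\ACPI\FADT\VBOX__
1234 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
1234 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
1234 RegQueryValueExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
1234 RegQueryValueExW HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
"""


def normalize_key(key):
    """Canonicalize hive names so one pattern matches however the monitor
    rendered the hive (HKEY_LOCAL_MACHINE vs HKLM)."""
    key = key.strip()
    for long, short in (("HKEY_LOCAL_MACHINE", "HKLM"), ("HKEY_CURRENT_USER", "HKCU")):
        if key.upper().startswith(long):
            key = short + key[len(long):]
    return key


def parse_events(text):
    """Split trace lines into (pid, api, key); the key may contain spaces."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, api, key = line.split(" ", 2)
        events.append((int(pid), api, normalize_key(key)))
    return events


def match_signatures(events):
    """Map signature name -> list of events that triggered it."""
    hits = defaultdict(list)
    for pid, api, key in events:
        for name, patterns in SIGNATURES.items():
            if any(re.search(p, key, re.IGNORECASE) for p in patterns):
                hits[name].append((pid, api, key))
    return dict(hits)


def summarize(text):
    """Signature name -> number of matching events, for a report-style summary."""
    return {name: len(evts) for name, evts in match_signatures(parse_events(text)).items()}


if __name__ == "__main__":
    for name, count in summarize(EVENTS).items():
        print(f"{count:2d}  {name}")
```

The ProductName read in the trace deliberately matches nothing: ordinary software reads it too, so a rule keyed on it would be noise. Only the VBOX__ ACPI keys, BIOS strings and EnableLUA are specific enough to surface as signatures.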

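The "UPX packed file" signature and the hash set at the top of the report are both static checks a triage script can run before detonation. The helper below is an added example (not the sandbox's code): it computes the same MD5/SHA1/SHA256/SHA512 set the report lists, walks the PE section table, and applies the usual UPX heuristics. The PE bytes are constructed in-script so it runs offline; the report's SHA256 is carried as a constant only to compare against.

```python
"""Added triage helper: hash a sample the way the report does and apply
cheap UPX heuristics to its section table. PE bytes below are constructed."""
import hashlib
import struct

# SHA256 the report gives for the sample, used only for comparison.
REPORT_SHA256 = "8d4a5ac25c8042aefee4923b998396cf5616516279c39a54a7527fda5f63a6d5"


def file_hashes(data):
    """MD5/SHA1/SHA256/SHA512 of the bytes, the set the report shows."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def pe_sections(data):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return sections


def upx_indicators(data):
    """Reasons the file looks UPX-packed (empty list if none)."""
    reasons = []
    secs = pe_sections(data)
    upx_names = [s["name"] for s in secs if s["name"].startswith("UPX")]
    if upx_names:
        reasons.append("UPX section names: " + ", ".join(upx_names))
    # Stock UPX leaves UPX0 as a virtual-only section (no raw bytes) that the
    # stub decompresses into at run time.
    if any(s["name"] == "UPX0" and s["rawsize"] == 0 and s["vsize"] > 0 for s in secs):
        reasons.append("UPX0 has no raw data (unpack target)")
    # The stub's "UPX!" magic survives unless the packer was modified to hide it.
    if b"UPX!" in data:
        reasons.append('"UPX!" magic present')
    return reasons


def build_fake_pe(section_specs, trailer=b""):
    """Constructed minimal PE32 (headers + section table only) for testing.
    section_specs: list of (name, SizeOfRawData)."""
    opt = b"\x0b\x01" + b"\0" * (224 - 2)          # PE32 magic 0x10b, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, len(opt), 0x0102)
    table = b""
    for name, raw in section_specs:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                             0x1000, 0x1000, raw, 0x400 if raw else 0, 0, 0, 0, 0, 0xE0000080)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    return dos + b"PE\0\0" + coff + opt + table + trailer


PACKED = build_fake_pe([(b"UPX0", 0), (b"UPX1", 0x8000), (b".rsrc", 0x400)], trailer=b"UPX!")
PLAIN = build_fake_pe([(b".text", 0x4000), (b".rdata", 0x800), (b".data", 0x200)])


def triage(data, expected_sha256=REPORT_SHA256):
    """Combine both checks into the summary a report line needs."""
    h = file_hashes(data)
    return {"hashes": h, "matches_report": h["sha256"] == expected_sha256,
            "upx": upx_indicators(data)}


if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("plain", PLAIN)):
        print(label, triage(blob))
```

Section names are the weakest of the three indicators, since a modified UPX build can rename them; the zero-raw-size unpack target and the "UPX!" magic are what usually remain, which is why the report's signature covers "modified UPX" as well.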