General

- Target: 2f1daf41d17043e9b479e306c5d7467d62d2da473fee1d1781fbde4e415114ed
- Size: 3MB
- Sample: 230319-cma4fsge7y
- MD5: 2fa49cce2716beaa8747f80a1ff23a5f
- SHA1: 63cafe83dfbd6dfae9f5d5796e9c49faa7f26259
- SHA256: 2f1daf41d17043e9b479e306c5d7467d62d2da473fee1d1781fbde4e415114ed
- SHA512: b50530ebd1def720da9090deec61e086c8cf73b3919ab3aad3cf1290fb65922655c8a0ea67e5a6ccaec5178431e667bc9d70b35925b9dd52ce29a65726402d61
- SSDEEP: 49152:lr1c7Kvf8e9HTgXHXayMSTQ5c1ztH9rDDQvOJRg05T0Oa/rm2ho8IucxzrurVlon:+Kvfd94XayMT5sH9M0aS8o9uWyUhHy+

Static task: static1
Malware Config

Targets

- Target: 2f1daf41d17043e9b479e306c5d7467d62d2da473fee1d1781fbde4e415114ed
- Size: 3MB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above (same sample).
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
- Executes dropped EXE
- Modifies file permissions
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix

- Collection
- Command and Control
- Credential Access
- Execution
- Exfiltration
- Impact
- Initial Access
- Lateral Movement
- Persistence: Scheduled Task (1)
- Privilege Escalation