General
- Target: 0052238110cbbade6a8d88ca3bc3ecd55be1f32cfb0ce0e922bd2e66491c18c1
- Size: 3MB
- Sample: 230319-cnes2age7z
- MD5: e64d43d3203f39444ac9458125576d0e
- SHA1: 6e901f88e2a1518c812a4084b60c24189c222384
- SHA256: 0052238110cbbade6a8d88ca3bc3ecd55be1f32cfb0ce0e922bd2e66491c18c1
- SHA512: b4837311c8ce6d2e84f5b4182a9f8d5fa3ccd61607383309eb168cf1aff2013336485383c51d810592ae81237522824cb1964182b935c9089291a89f582df107
- SSDEEP: 49152:Hr1c7Kvf8e9HTgXHXayMSTQ5c1ztH9rDDQvOJRg05T0Oa/rm2ho8IucxzrurVloL:cKvfd94XayMT5sH9M0aS8o9uWyUhHyC
Static task: static1
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Modifies file permissions
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
- Collection
- Command and Control
- Credential Access
- Execution
- Exfiltration
- Impact
- Initial Access
- Lateral Movement
- Persistence: Scheduled Task (1)
- Privilege Escalation