General

  • Target

    1a0f8e75afc1d4031d4d4daece2f4ad0bdebd32b31f110a7d6c43e10b7d055eb

  • Size

    3.4MB

  • Sample

    230319-dcvksaef27

  • MD5

    3bfd35829333ec3f1e4c89b67a05dc0b

  • SHA1

    fcff0f19e1fbb0f5fadbf4507323a6ab80739904

  • SHA256

    1a0f8e75afc1d4031d4d4daece2f4ad0bdebd32b31f110a7d6c43e10b7d055eb

  • SHA512

    e6e60128892f1d240055ce3106f75c2d8a46ec6b78fd5d55ae9ad2d49d61b6544fb1d9d71337f86c6c2a02fe75cbb2b745780665f35726d7c4ef917b5971426a

  • SSDEEP

    49152:jr1c7Kvf8e9HTgXHXayMSTQ5c1ztH9rDDQvOJRg05T0Oa/rm2ho8IucxzrurVlo8:oKvfd94XayMT5sH9M0aS8o9uWyUhHyd

Malware Config

Targets

    • Target

      1a0f8e75afc1d4031d4d4daece2f4ad0bdebd32b31f110a7d6c43e10b7d055eb

    • Size

      3.4MB

    • MD5

      3bfd35829333ec3f1e4c89b67a05dc0b

    • SHA1

      fcff0f19e1fbb0f5fadbf4507323a6ab80739904

    • SHA256

      1a0f8e75afc1d4031d4d4daece2f4ad0bdebd32b31f110a7d6c43e10b7d055eb

    • SHA512

      e6e60128892f1d240055ce3106f75c2d8a46ec6b78fd5d55ae9ad2d49d61b6544fb1d9d71337f86c6c2a02fe75cbb2b745780665f35726d7c4ef917b5971426a

    • SSDEEP

      49152:jr1c7Kvf8e9HTgXHXayMSTQ5c1ztH9rDDQvOJRg05T0Oa/rm2ho8IucxzrurVlo8:oKvfd94XayMT5sH9M0aS8o9uWyUhHyd

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Modifies file permissions

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

File Permissions Modification

1
T1222

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Tasks