General
Target: 8d89b8acb10cf6d30f00e65b2499de8df3db154dec15a8190408db7ef3b76851
Size: 5MB
Sample: 230325-eyaceabb34
MD5: 070c397b7d77be8f730a01b64d3c03c3
SHA1: dc32d188461e552bb72ed0fb16e0af45dd62bde5
SHA256: 8d89b8acb10cf6d30f00e65b2499de8df3db154dec15a8190408db7ef3b76851
SHA512: 1fc0725fc03530f5add5a9c161f52852f8c7878f7a617a7275fef463891787617b3dc3a3d16fc33494715e0d4f538cf08dace64d4c40b461443a9b334c7d6925
SSDEEP: 98304:4nhLTDcdqwb3KfoNpUSMxQ7pbw+abYNuJ+l7:Wc4qKiSD
Static task: static1
Behavioral task: behavioral1
  Sample: 8d89b8acb10cf6d30f00e65b2499de8df3db154dec15a8190408db7ef3b76851.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 8d89b8acb10cf6d30f00e65b2499de8df3db154dec15a8190408db7ef3b76851.exe
  Resource: win10v2004-20230220-en
Malware Config
Targets
Target: 8d89b8acb10cf6d30f00e65b2499de8df3db154dec15a8190408db7ef3b76851 (5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General)
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence: Bootkit (1)
Privilege Escalation