Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

f63c549707775b9add6dc22526df887ea868f789c81824416db2bce6af8a50a4
Size

4MB
Sample

230326-cn1qhafc26
MD5

cd4839fbc22c6fccab4c3170c845bfdb
SHA1

2f0edc79f6248f17c61e86d02be38c6d6b11b75b
SHA256

f63c549707775b9add6dc22526df887ea868f789c81824416db2bce6af8a50a4
SHA512

2e8a55d8ad8916a9772e73956244d1ec68c35963395fd7d71fd9ae881ab72bb30d04aa39427420fc44460e2a03a39ddc9937b69bebb6ca74835573350b605524
SSDEEP

98304:9/4JXInxCzh+jyHbhGYndKYJ/mtnZCYiZ6c+RCHuY:9/4JX0xa+jy5np8nAZ6aHu

Score

7^/10

bootkit persistence vmprotect

Malware Config

Targets

- Target
  
  f63c549707775b9add6dc22526df887ea868f789c81824416db2bce6af8a50a4
- Size
  
  4MB
- MD5
  
  cd4839fbc22c6fccab4c3170c845bfdb
- SHA1
  
  2f0edc79f6248f17c61e86d02be38c6d6b11b75b
- SHA256
  
  f63c549707775b9add6dc22526df887ea868f789c81824416db2bce6af8a50a4
- SHA512
  
  2e8a55d8ad8916a9772e73956244d1ec68c35963395fd7d71fd9ae881ab72bb30d04aa39427420fc44460e2a03a39ddc9937b69bebb6ca74835573350b605524
- SSDEEP
  
  98304:9/4JXInxCzh+jyHbhGYndKYJ/mtnZCYiZ6c+RCHuY:9/4JX0xa+jy5np8nAZ6aHu
Score

7^/10

bootkit persistence vmprotect
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Query Registry

T1012

System Information Discovery

T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Bootkit

T1067

Privilege Escalation

Tasks

static1

behavioral1

bootkitpersistencevmprotect

behavioral2

bootkitpersistencevmprotect