General

  • Target

    4d06b77f2fcbb33d01bc8e53dcab620bd8417d780f63c12ba32161d3b453416e

  • Size

    3.4MB

  • Sample

    230328-e67ymsag5s

  • MD5

    e0f29e4688840dd747b1061412c1e564

  • SHA1

    0e3d97d947f5a66f4854cde878a17a5e45c14b42

  • SHA256

    4d06b77f2fcbb33d01bc8e53dcab620bd8417d780f63c12ba32161d3b453416e

  • SHA512

    4b70c4736d6c557617bad7fca3efee0d9d604a58d883618ed38d80b4dd8485486f9b987c19dc37ef9b17d0752da291bffca2869b3728d3fa12f681b2411ce812

  • SSDEEP

    98304:8JuR21C/yIq/dhl/O4i/TksjdFwvhzjMSwRVq:88D/yIqlhlW4i/QsnwZzjMSeVq

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Modifies file permissions

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task (T1053): 1

Persistence

  • Scheduled Task (T1053): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Defense Evasion

  • Virtualization/Sandbox Evasion (T1497): 1

  • File Permissions Modification (T1222): 1

Discovery

  • Query Registry (T1012): 2

  • Virtualization/Sandbox Evasion (T1497): 1

  • System Information Discovery (T1082): 2

Tasks