General
-
Target
SecuriteInfo.com.Win64.PWSX-gen.3187.26224.exe
-
Size
1.1MB
-
Sample
230328-jdj4bsbd7t
-
MD5
9de36c98f536475f24a05cc8dda87b38
-
SHA1
38bb84519bd71133d1df4f7c7db387055c634cbd
-
SHA256
fbfa8f32f35e7925f320978a55f28df0c6214cefd8a93fa02a0c1d946d100715
-
SHA512
daf15d86198a88cc6d465bafa8c1106763756dd5e4fc23e5a813becc42a8aab1187408a96b15c584d29ba5aaa3dab1bae2de2e68c7ff56a4766e77e393e1d16a
-
SSDEEP
24576:17LXnVC7Ko7A11cljuxSd9Hbf0RnV8XJefZXZXqc1rnRqaJ:13FC7T7gBSbf0RV1F3rnRqq
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Win64.PWSX-gen.3187.26224.exe
-
Size
1.1MB
-
MD5
9de36c98f536475f24a05cc8dda87b38
-
SHA1
38bb84519bd71133d1df4f7c7db387055c634cbd
-
SHA256
fbfa8f32f35e7925f320978a55f28df0c6214cefd8a93fa02a0c1d946d100715
-
SHA512
daf15d86198a88cc6d465bafa8c1106763756dd5e4fc23e5a813becc42a8aab1187408a96b15c584d29ba5aaa3dab1bae2de2e68c7ff56a4766e77e393e1d16a
-
SSDEEP
24576:17LXnVC7Ko7A11cljuxSd9Hbf0RnV8XJefZXZXqc1rnRqaJ:13FC7T7gBSbf0RV1F3rnRqq
Score10/10-
UAC bypass
-
Windows security bypass
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Windows security modification
-
Accesses Microsoft Outlook profiles
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v6
Defense Evasion
Bypass User Account Control
1Disabling Security Tools
3Modify Registry
5Virtualization/Sandbox Evasion
2Scripting
1