Overview

overview

9

Static

static

1

0f607bf585...ee.exe

windows7-x64

9

0f607bf585...ee.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    22de181249b690fe72765d7ea88261aa.bin

  • Size

    3.1MB

  • Sample

    230412-b1r4fsad3x

  • MD5

    f187640310f14006a358374c54272984

  • SHA1

    d92f17f4931a446540af69150b2b22f8176a27c9

  • SHA256

    1dfcce1ce83f53c469c4e45cccd2a372a2bb97d7e3992f92161314a4c33e57e1

  • SHA512

    6512ad8611bf820471781c5bad2edab41a41cc141e1163a0e192d718c9f86eae99d5cf113ee2f7c45944a10c6b08eb12dd57416d8488670d3039d04b230ec893

  • SSDEEP

    49152:6m+ZgAjLkS/6V8TNetsS7nqRksHjJFPzCeWKL6QaxCJHQsUNEePcmTYmDTD1RSWQ:b+Zg4Lk7VWe2epsbWRaJUme9LJQIM

Score
9/10
discoveryevasiontrojanupx

Malware Config

Targets

    • Target

      0f607bf5852d3f70dfbf006efa7520d1b9f71ecf8b3e56fc0301d2334e434bee.exe

    • Size

      3.5MB

    • MD5

      22de181249b690fe72765d7ea88261aa

    • SHA1

      74bef0075a62ab823ecd3218c83d44e5b878b99a

    • SHA256

      0f607bf5852d3f70dfbf006efa7520d1b9f71ecf8b3e56fc0301d2334e434bee

    • SHA512

      f4ae5196c921e9becf8837b84af2f86153c7d99fb54da6d8453ebdeb53509f9be02a288c0c26ab2340ace94fbaa351302425164febd928b02fdeaaa2302123f2

    • SSDEEP

      49152:b/beXS0wKk0PlMb79rofRV649W3gHCPCOLnlDoftbvDGxhrIASdNmYU7ex:LbQwKpPiCWltPC6MftbrGXNMNF

    Score
    9/10
    discoveryevasiontrojanupx

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks