f2dda7005d6f0c52626aafeee700df4dfcde66fc88083264f3df9e4f50679168 | Triage

Sharing

General

Target

f2dda7005d6f0c52626aafeee700df4dfcde66fc88083264f3df9e4f50679168
Size

5.8MB
Sample

230413-zdcx1sea86
MD5

96e17957914f97d9f1912cfc00b9c24a
SHA1

45b576ad6f1e917f11f1faff4783c1324bf4cbd8
SHA256

f2dda7005d6f0c52626aafeee700df4dfcde66fc88083264f3df9e4f50679168
SHA512

f13879af4d603b55c5cc8d3803ac4ee80ce90fff983a0bd611ab92a1db2ce16c691449e9f814109353f49bc4cfeb125866baa9a4892ab550198b3af00022837b
SSDEEP

98304:zJmMokAEBkdcQIIExZ5Jawd7RBwXlIW0C2niGUHcDx:zJmMokhycLBulIW6nVjx

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  f2dda7005d6f0c52626aafeee700df4dfcde66fc88083264f3df9e4f50679168
- Size
  
  5.8MB
- MD5
  
  96e17957914f97d9f1912cfc00b9c24a
- SHA1
  
  45b576ad6f1e917f11f1faff4783c1324bf4cbd8
- SHA256
  
  f2dda7005d6f0c52626aafeee700df4dfcde66fc88083264f3df9e4f50679168
- SHA512
  
  f13879af4d603b55c5cc8d3803ac4ee80ce90fff983a0bd611ab92a1db2ce16c691449e9f814109353f49bc4cfeb125866baa9a4892ab550198b3af00022837b
- SSDEEP
  
  98304:zJmMokAEBkdcQIIExZ5Jawd7RBwXlIW0C2niGUHcDx:zJmMokhycLBulIW6nVjx
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2