2eecf5e7f48a7d84c212695f157295d060963470e4e0afab14eb2e491ae0f1d6 | Triage

Resubmissions

24/05/2023, 15:04

230524-sfkbjsde2v 9

24/05/2023, 15:00

230524-sdapbsda39 9

Sharing

Copy URL Twitter E-mail

General

Target

echo-free.exe
Size

15.6MB
Sample

230524-sdapbsda39
MD5

25fca21c810a8ffabf4fdf3b1755c73c
SHA1

225f3bc7017ce5e5464862ec9c864a11fedf1145
SHA256

2eecf5e7f48a7d84c212695f157295d060963470e4e0afab14eb2e491ae0f1d6
SHA512

7dc9c229f6c79f188d4f3df57f7257654effec8a3ead340cfbece639b68469c5a4cc06986360f75c5c1bfd24216366703159b3946f61e25153042bf46a4abe4d
SSDEEP

98304:S3JV0DgpleTM787SmtJ84kCDqRW/0Grx4vPuvD9luwUilCHHitpQeUhE2j3HTDrH:CfRyJruSxdO1A5IXL5BpSehSE6uKw5

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  echo-free.exe
- Size
  
  15.6MB
- MD5
  
  25fca21c810a8ffabf4fdf3b1755c73c
- SHA1
  
  225f3bc7017ce5e5464862ec9c864a11fedf1145
- SHA256
  
  2eecf5e7f48a7d84c212695f157295d060963470e4e0afab14eb2e491ae0f1d6
- SHA512
  
  7dc9c229f6c79f188d4f3df57f7257654effec8a3ead340cfbece639b68469c5a4cc06986360f75c5c1bfd24216366703159b3946f61e25153042bf46a4abe4d
- SSDEEP
  
  98304:S3JV0DgpleTM787SmtJ84kCDqRW/0Grx4vPuvD9luwUilCHHitpQeUhE2j3HTDrH:CfRyJruSxdO1A5IXL5BpSehSE6uKw5
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1