Overview

overview

9

Static

static

1

tmp.exe

windows7-x64

9

tmp.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    623KB

  • Sample

    230530-t2wr5sag22

  • MD5

    63d2ab075242a38f5c6240cb7eafbd35

  • SHA1

    36621dbe302900010d8dc1916f0fa022885d4d59

  • SHA256

    87513157828305d4d09ff58df2a39eb9e2bdcaa72bd01f11bb86dc56dc164fb2

  • SHA512

    a36109647c4eabfd8c270adf11a0cfd05284c5e411e0ebd3427bffa104eed2337857ebbcbecf29e847a10f76731023d54462d24934e7719e90a60d3bb414035f

  • SSDEEP

    12288:vV38R0oK/pYZ5ptdxOSGd4+A9UfzAddKwlyrq+tZ5mX6h:vV38R0c5HCSGd4+iUfzKsLT5mKh

Score
9/10
evasion

Malware Config

Targets

    • Target

      tmp

    • Size

      623KB

    • MD5

      63d2ab075242a38f5c6240cb7eafbd35

    • SHA1

      36621dbe302900010d8dc1916f0fa022885d4d59

    • SHA256

      87513157828305d4d09ff58df2a39eb9e2bdcaa72bd01f11bb86dc56dc164fb2

    • SHA512

      a36109647c4eabfd8c270adf11a0cfd05284c5e411e0ebd3427bffa104eed2337857ebbcbecf29e847a10f76731023d54462d24934e7719e90a60d3bb414035f

    • SSDEEP

      12288:vV38R0oK/pYZ5ptdxOSGd4+A9UfzAddKwlyrq+tZ5mX6h:vV38R0c5HCSGd4+iUfzKsLT5mKh

    Score
    9/10
    evasion

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks