bea14bf33ee96e421ee01e5212973c20046fbac08a02e07e5d6bb7112db82386 | Triage

Resubmissions

08/07/2023, 09:40

230708-lnfj1aeg2v 9

08/07/2023, 09:39

230708-lmydesef9x 9

08/07/2023, 09:37

230708-llx19sdg65 9

Sharing

Copy URL Twitter E-mail

General

Target

triage.exe
Size

12.0MB
Sample

230708-lmydesef9x
MD5

07fde275acbd90a10f43efe04f05e962
SHA1

5bd738c1738a63aa1b229a7c0f03a21d0f80a844
SHA256

bea14bf33ee96e421ee01e5212973c20046fbac08a02e07e5d6bb7112db82386
SHA512

55cbab6a3247d4a4373f5a08922498f74ed26d64a282742ac9de2ac1f4ecc96da945aa168abe70821acb8b286adff5a9f23933afef11c1a0022cae6e63d4a8f9
SSDEEP

196608:aCFzl1i8St9HycqMi+wU+hUxYq/CyD2BV4oZQGtK6A1ixoXjCB7vw9Iz/K9cP5dV:LlU8SPH3ni/UxjCjBV4oZHAYn9Y9IzbB

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  triage.exe
- Size
  
  12.0MB
- MD5
  
  07fde275acbd90a10f43efe04f05e962
- SHA1
  
  5bd738c1738a63aa1b229a7c0f03a21d0f80a844
- SHA256
  
  bea14bf33ee96e421ee01e5212973c20046fbac08a02e07e5d6bb7112db82386
- SHA512
  
  55cbab6a3247d4a4373f5a08922498f74ed26d64a282742ac9de2ac1f4ecc96da945aa168abe70821acb8b286adff5a9f23933afef11c1a0022cae6e63d4a8f9
- SSDEEP
  
  196608:aCFzl1i8St9HycqMi+wU+hUxYq/CyD2BV4oZQGtK6A1ixoXjCB7vw9Iz/K9cP5dV:LlU8SPH3ni/UxjCjBV4oZHAYn9Y9IzbB
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1