1533629ea7819e0cc5ae30ebd3a3ed467c56ff6e67b4a973832bc1a90e94c92d | Triage

Sharing

General

Target

启动器5.exe
Size

8.6MB
Sample

230719-lt2z7acg5y
MD5

427a6f4998a86ac166094df773204e15
SHA1

4f9d98837fdb519051c990dbd722f95cd53bb3d0
SHA256

1533629ea7819e0cc5ae30ebd3a3ed467c56ff6e67b4a973832bc1a90e94c92d
SHA512

b4b368904d3b6d4fd6ce2955f38044f55f9f7e98419b91f073c992d1e6e4d84da2daae1a1216cedb95a21e43360421d5ff8232da02c4d5002b639e4335312d62
SSDEEP

98304:/r3frjoeEg5qcAd4p5BlmkC+/C4OWoHI7NINa4tqR+zqbJ278QnV4jEMSD6BXlkz:/7frMM5qr4FlmIdCIetOl27qEMSOsJ

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  启动器5.exe
- Size
  
  8.6MB
- MD5
  
  427a6f4998a86ac166094df773204e15
- SHA1
  
  4f9d98837fdb519051c990dbd722f95cd53bb3d0
- SHA256
  
  1533629ea7819e0cc5ae30ebd3a3ed467c56ff6e67b4a973832bc1a90e94c92d
- SHA512
  
  b4b368904d3b6d4fd6ce2955f38044f55f9f7e98419b91f073c992d1e6e4d84da2daae1a1216cedb95a21e43360421d5ff8232da02c4d5002b639e4335312d62
- SSDEEP
  
  98304:/r3frjoeEg5qcAd4p5BlmkC+/C4OWoHI7NINa4tqR+zqbJ278QnV4jEMSD6BXlkz:/7frMM5qr4FlmIdCIetOl27qEMSOsJ
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2