7840ec5e84e144d4e6f0e44a8dd67d3e2dc184eba119d03f632a5fca55910511 | Triage

Resubmissions

21/07/2023, 18:34

230721-w77gyaha8s 9

Sharing

General

Target

Electron.exe
Size

3.9MB
Sample

230721-w77gyaha8s
MD5

ccf5d7397dc95f0fc88594195d42d14a
SHA1

6eac0758ca1e740514a2cd8607045459966e8c96
SHA256

7840ec5e84e144d4e6f0e44a8dd67d3e2dc184eba119d03f632a5fca55910511
SHA512

195c37fac86f101ff91843cb65371ce39fbb623d20d25a3a7b328feb7ee5e0c5b87d2360c850f2ef2d667f8ff0fbea4e2d8ad87b5fb1501d381764efdacca660
SSDEEP

98304:akKnhd65axhRsHHfrIHj8yBzAziXOhhFa:nEho5aEHcjJBzAzJhhFa

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  Electron.exe
- Size
  
  3.9MB
- MD5
  
  ccf5d7397dc95f0fc88594195d42d14a
- SHA1
  
  6eac0758ca1e740514a2cd8607045459966e8c96
- SHA256
  
  7840ec5e84e144d4e6f0e44a8dd67d3e2dc184eba119d03f632a5fca55910511
- SHA512
  
  195c37fac86f101ff91843cb65371ce39fbb623d20d25a3a7b328feb7ee5e0c5b87d2360c850f2ef2d667f8ff0fbea4e2d8ad87b5fb1501d381764efdacca660
- SSDEEP
  
  98304:akKnhd65axhRsHHfrIHj8yBzAziXOhhFa:nEho5aEHcjJBzAzJhhFa
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1