General

  • Target

    tmp

  • Size

    5.5MB

  • Sample

    230911-vpn27shc6s

  • MD5

    a92a908cae30b9b020244bedf61a1dd4

  • SHA1

    a45bf660ae267b2c8027327b2b97c61faa88d9ae

  • SHA256

    ae14b287be4c2cb072802d65693beeb9efecefd6e6de5994abe49546b8ca0308

  • SHA512

    beab8787db9e978c0db067f0cbc2acff56033f1343bbde5ed6ff364b9ce241cdac00c33f66e799ad6a693a7dd7eb54274c11010fa4c087b18a31fb408cd10fba

  • SSDEEP

    98304:pHrMX3ZbN6mocwdMpXYI6A2XwY0o7r5QBa2lAo3WTsKVnd/9lSD/WFIxUBzqHy:1MnZZPocwGpoRRXwY9rb2moBKVd/9lEJ

Score
9/10

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
