General

  • Target

    tsd-setup.exe

  • Size

    29.3MB

  • Sample

    230919-y1c1vsbh3v

  • MD5

    d37ce788cb61d7e0aa636b12f5cab302

  • SHA1

    1dd729a656b504ef76acecfa150a995e7e7db47c

  • SHA256

    ca1ded6542eef8263d083f20ab9531ce9c47309f386e5cde44e8e38797abd40b

  • SHA512

    a320c0988d8bf0498af780e65730dc7712b93463f2f4f3b68a66bc215a1678b72bb5736430dbf3ea3a355922fc14e4ced5056634c8a0bc6ab965fe56889d0277

  • SSDEEP

    786432:4Pf4jnS+Df2AoORtCnSZuvUpCV18JZzrilvSwK+PbJrgRG:4Ijnx8OfWwy1mZz+l1KeRgk

Targets

    • Target

      tsd-setup.exe

    • Banload

      Banload variants download malicious files, then install and execute the files.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      The ACPI table keys under HKLM\HARDWARE\ACPI carry the hypervisor's OEM identifier (VBOX__ for VirtualBox), so reading them is a common virtual-machine check.

    • Checks BIOS information in registry

      BIOS vendor and version strings under HKLM\HARDWARE\DESCRIPTION\System\BIOS are often read to detect virtualised or sandboxed environments.

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer; stock UPX is usually recognised from its UPX0/UPX1 section names.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Deletes itself
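
The signatures above are what the sandbox observed. Before relying on this report against a file in hand, recompute the hashes and confirm the packing claim yourself. The following Python script is an added example, not code from the report or the sandbox: it embeds the report's MD5, SHA-1 and SHA-256 as IOCs, hashes a file, and walks the PE section table for the UPX0/UPX1/UPX2 names that the "UPX packed file" signature relies on. The build_test_pe helper constructs a header-only image so the check can be exercised offline; everything else is standard library. A renamed-section UPX variant will not be caught by the name check, and the SSDEEP value needs the separate ssdeep library, which this example does not cover.

```python
"""Static triage helpers for the sample described above: recompute the
file hashes and compare them with the report's IOCs, and look for the
UPX0/UPX1 section names that the 'UPX packed file' signature relies on.
Added example, not code from the report or the sandbox; stdlib only."""
import hashlib
import struct
import sys

# Hashes published in the report for tsd-setup.exe.
REPORT_IOCS = {
    "md5": "d37ce788cb61d7e0aa636b12f5cab302",
    "sha1": "1dd729a656b504ef76acecfa150a995e7e7db47c",
    "sha256": "ca1ded6542eef8263d083f20ab9531ce9c47309f386e5cde44e8e38797abd40b",
}

# Section names written by stock UPX.  Modified UPX builds often rename
# them, so a miss here does not prove the file is unpacked.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 hex digests of the buffer."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes) -> bool:
    """True only if every hash in REPORT_IOCS matches the buffer."""
    digests = hash_bytes(data)
    return all(digests[alg] == value for alg, value in REPORT_IOCS.items())


def pe_section_names(data: bytes) -> list:
    """Walk the PE headers and return the section names in table order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_hdr_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_hdr_size          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Name-based UPX check: any stock UPX section name present."""
    return bool(set(pe_section_names(data)) & UPX_SECTION_NAMES)


def build_test_pe(section_names) -> bytes:
    """Constructed header-only PE32 image for offline testing (not runnable).
    Assumption: headers only, which is all pe_section_names() reads."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_hdr_size = 0xE0                        # PE32 optional header size
    file_header = struct.pack("<HHIIIHH", 0x14C, len(section_names),
                              0, 0, 0, opt_hdr_size, 0x0102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos_header + b"PE\0\0" + file_header + b"\0" * opt_hdr_size + sections


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read()
    for alg, digest in hash_bytes(blob).items():
        print(f"{alg}: {digest}")
    print("matches report IOCs:", matches_report(blob))
    print("UPX section names present:", looks_upx_packed(blob))
```

Run it as `python triage.py tsd-setup.exe`; a hash mismatch with the report means you are looking at a different build, and a packed file should be unpacked (for stock UPX, `upx -d`) before any further static work.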

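The "Checks BIOS information in registry" and "Identifies VirtualBox via ACPI registry values" signatures describe registry reads, and Sysmon does not record those (its registry events cover key create/delete, value set and rename only). On a live host they are visible only through object-access auditing (Security event 4663 with a SACL on HKLM\HARDWARE) or sandbox API tracing. The Python below is an added example, not part of the report: it runs over constructed, simplified 4663-style records and flags processes that read the BIOS description key or VirtualBox (VBOX__) ACPI table keys. The key paths and the one-line record layout are assumptions modelled on the real event fields, and the sample lines are made up.

```python
"""Detection logic for the anti-VM registry reads in the report, run over
constructed Security-log (event 4663) style records.  Added example; the
record format is a simplified key=value rendering of the real event
fields and the key paths are the usual ones for these checks."""
import re
from collections import defaultdict
from typing import Optional

# NT-style registry paths as they appear in a 4663 "Object Name".
# Assumption: these are the keys the two signatures refer to.
BIOS_KEY = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\BIOS"
ACPI_PREFIX = "\\REGISTRY\\MACHINE\\HARDWARE\\ACPI\\"

# Constructed sample records (not real telemetry).  The first two lines
# model the behaviour the report describes; msinfo32 shows a legitimate
# BIOS read that must not fire on its own.
SAMPLE_EVENTS = r"""
EventID=4663 ObjectType=Key ProcessName=C:\Users\victim\Downloads\tsd-setup.exe ObjectName=\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS Accesses=QueryKeyValue
EventID=4663 ObjectType=Key ProcessName=C:\Users\victim\Downloads\tsd-setup.exe ObjectName=\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Accesses=EnumerateSubKeys
EventID=4663 ObjectType=Key ProcessName=C:\Windows\System32\msinfo32.exe ObjectName=\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS Accesses=QueryKeyValue
EventID=4663 ObjectType=Key ProcessName=C:\Windows\System32\svchost.exe ObjectName=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Accesses=QueryKeyValue
EventID=4688 ProcessName=C:\Users\victim\Downloads\tsd-setup.exe NewProcessName=C:\Windows\System32\cmd.exe
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> dict:
    """Split one key=value record into a dict (values carry no spaces here)."""
    return dict(FIELD_RE.findall(line))


def classify_key(object_name: str) -> Optional[str]:
    """Map a registry path to the signature it belongs to, or None."""
    key = object_name.upper()
    if key.startswith(BIOS_KEY):
        return "bios_fingerprint"
    if key.startswith(ACPI_PREFIX) and "VBOX" in key:
        return "virtualbox_acpi"
    return None


def key_accesses_by_process(log_text: str) -> dict:
    """Collect, per process image, which watched key classes it read."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev.get("EventID") != "4663" or ev.get("ObjectType") != "Key":
            continue
        category = classify_key(ev.get("ObjectName", ""))
        if category:
            hits[ev["ProcessName"]].add(category)
    return dict(hits)


def suspicious_processes(log_text: str) -> list:
    """Flag any probe of the VirtualBox ACPI keys, and BIOS reads from a
    user-writable path; inventory tools under System32 reading the BIOS
    key alone are tolerated to keep the rule quiet on real fleets."""
    flagged = []
    for proc, categories in key_accesses_by_process(log_text).items():
        from_user_path = "\\USERS\\" in proc.upper()
        if "virtualbox_acpi" in categories or (
                "bios_fingerprint" in categories and from_user_path):
            flagged.append(proc)
    return sorted(flagged)


if __name__ == "__main__":
    for proc, cats in key_accesses_by_process(SAMPLE_EVENTS).items():
        print(f"{proc}: {sorted(cats)}")
    print("suspicious:", suspicious_processes(SAMPLE_EVENTS))
```

The rule deliberately needs either the VirtualBox-specific ACPI probe or a BIOS read from a user profile path before it fires, because system inventory and support tools read the BIOS key constantly; tune the allowlist to your estate before deploying anything like it.
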