Overview

overview

9

Static

static

3

fragment_client.exe

windows7-x64

9

fragment_client.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    fragment_client.exe

  • Size

    15.1MB

  • Sample

    230920-t8yv3shd9w

  • MD5

    a82ce8e0d380064226968cca3be82e5e

  • SHA1

    b29842ef68c5189731f2304cff06b31441b384ed

  • SHA256

    5a8d010d380ee8c7387c9561f6cdcc8bdbb0a9e75c74b07d14d2ca714f4c68a6

  • SHA512

    8e8494d60ede5ce0189d8a243e26d371eff195fafaa4f66bf87546efe309b27d7be81e1fd760b172602e0143605dbe5e5ab464e82195cc1b92fed0c5a29d5273

  • SSDEEP

    393216:VwiEwIRpVska4GWfaPKCK71H7n8Q9I75oWq6CsmqDVY0C0Cm2Y5ogyt:GiEwIR3ska4VfYsxHb8/75xEsmcW2T52

Score
9/10
evasiontrojan

Malware Config

Targets

    • Target

      fragment_client.exe

    • Size

      15.1MB

    • MD5

      a82ce8e0d380064226968cca3be82e5e

    • SHA1

      b29842ef68c5189731f2304cff06b31441b384ed

    • SHA256

      5a8d010d380ee8c7387c9561f6cdcc8bdbb0a9e75c74b07d14d2ca714f4c68a6

    • SHA512

      8e8494d60ede5ce0189d8a243e26d371eff195fafaa4f66bf87546efe309b27d7be81e1fd760b172602e0143605dbe5e5ab464e82195cc1b92fed0c5a29d5273

    • SSDEEP

      393216:VwiEwIRpVska4GWfaPKCK71H7n8Q9I75oWq6CsmqDVY0C0Cm2Y5ogyt:GiEwIR3ska4VfYsxHb8/75xEsmcW2T52

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks