Overview

overview

9

Static

static

1

tmp.exe

windows7-x64

1

tmp.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    tmp

  • Size

    1023KB

  • Sample

    230921-rclvjaad63

  • MD5

    67e741557eaa3124261105bff38bc62a

  • SHA1

    a2a0543d6b61ac0a9380cb6d64f78b16951912e0

  • SHA256

    b2e6a04435ab8d41a5a259072b6c29dec30caa05ed1ec2a8bae2b2670573981e

  • SHA512

    ce95336095b5a6f3faef4944794fd8cc7fda5b5f9db31c3211532a7c03b3c94106978bcbb5de4a5fdbd06024ec90215b1b7fd6fa816309907073e7da6a55522f

  • SSDEEP

    12288:oVDH4arSas0SRUXA5S9ZgvlZW9AxBK8ctBGOKLDcEHDqYocAXrexgPlBo8Ker5+m:24arTs0S2Q5SgitBj+RacAXUUBLeJ4/

Score
9/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      tmp

    • Size

      1023KB

    • MD5

      67e741557eaa3124261105bff38bc62a

    • SHA1

      a2a0543d6b61ac0a9380cb6d64f78b16951912e0

    • SHA256

      b2e6a04435ab8d41a5a259072b6c29dec30caa05ed1ec2a8bae2b2670573981e

    • SHA512

      ce95336095b5a6f3faef4944794fd8cc7fda5b5f9db31c3211532a7c03b3c94106978bcbb5de4a5fdbd06024ec90215b1b7fd6fa816309907073e7da6a55522f

    • SSDEEP

      12288:oVDH4arSas0SRUXA5S9ZgvlZW9AxBK8ctBGOKLDcEHDqYocAXrexgPlBo8Ker5+m:24arTs0S2Q5SgitBj+RacAXUUBLeJ4/

    Score
    9/10
    evasionpersistencetrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Registers COM server for autorun

      persistence

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks