8ab8e17f8801a7b21ee92ad494dd81fba4c857d9f94043ec1727c843d89fb839 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8ab8e17f8801a7b21ee92ad494dd81fba4c857d9f94043ec1727c843d89fb839
Size

1.8MB
Sample

231011-nnrclseb44
MD5

32ca27d5974679fe7cf7e012b0b6c003
SHA1

1e7b894184071453d55e396f46566a77f037c4dc
SHA256

8ab8e17f8801a7b21ee92ad494dd81fba4c857d9f94043ec1727c843d89fb839
SHA512

5de87bc5bcdc309f26e418bfa88c0f9f08bf9fbde5407f1675c7e78baa2858f01df69ec28996efe0fb277d31aca86d53ff0469175325639e4d646f09cfc78e79
SSDEEP

24576:oXqM74u6Ua0bx+Gx9vmDFrfajHY3usxuthJDcSF:ot4vjmHxVmDFbe9hl

Score

9^/10

evasion persistence

Malware Config

Targets

- Target
  
  8ab8e17f8801a7b21ee92ad494dd81fba4c857d9f94043ec1727c843d89fb839
- Size
  
  1.8MB
- MD5
  
  32ca27d5974679fe7cf7e012b0b6c003
- SHA1
  
  1e7b894184071453d55e396f46566a77f037c4dc
- SHA256
  
  8ab8e17f8801a7b21ee92ad494dd81fba4c857d9f94043ec1727c843d89fb839
- SHA512
  
  5de87bc5bcdc309f26e418bfa88c0f9f08bf9fbde5407f1675c7e78baa2858f01df69ec28996efe0fb277d31aca86d53ff0469175325639e4d646f09cfc78e79
- SSDEEP
  
  24576:oXqM74u6Ua0bx+Gx9vmDFrfajHY3usxuthJDcSF:ot4vjmHxVmDFbe9hl
Score

9^/10

evasion persistence
- Looks for VirtualBox drivers on disk
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

File and Directory Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence