318c774c725d9592b8b01c31a02a4c4c089df7cff9632b68ec2dea3f27df04a7 | Triage

Sharing

General

Target

NEAS.77fa64b54cbea04fde9864c1a65c6420_JC.exe
Size

4.3MB
Sample

231102-1elrzshg96
MD5

77fa64b54cbea04fde9864c1a65c6420
SHA1

0993781394414de559254b6548313640d905fc66
SHA256

318c774c725d9592b8b01c31a02a4c4c089df7cff9632b68ec2dea3f27df04a7
SHA512

8c29597af90126a4a02e7fa0acabb5752b2bc3cfaeadf123136c6c97551b2c118796d30e8cfcb4adaf0f88d74f3007510c36923258551e15334d4585c40ea5c5
SSDEEP

98304:Wqk4ILk7dnuVj0qh2HYu44NWyZwV3buy24MWzJ5xQr4rO51CxokuRsBx4lV:WlkRcAqh2HYlbyZwVrnZtJMEryA0R2mr

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  NEAS.77fa64b54cbea04fde9864c1a65c6420_JC.exe
- Size
  
  4.3MB
- MD5
  
  77fa64b54cbea04fde9864c1a65c6420
- SHA1
  
  0993781394414de559254b6548313640d905fc66
- SHA256
  
  318c774c725d9592b8b01c31a02a4c4c089df7cff9632b68ec2dea3f27df04a7
- SHA512
  
  8c29597af90126a4a02e7fa0acabb5752b2bc3cfaeadf123136c6c97551b2c118796d30e8cfcb4adaf0f88d74f3007510c36923258551e15334d4585c40ea5c5
- SSDEEP
  
  98304:Wqk4ILk7dnuVj0qh2HYu44NWyZwV3buy24MWzJ5xQr4rO51CxokuRsBx4lV:WlkRcAqh2HYlbyZwVrnZtJMEryA0R2mr
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2