General

Target: c22503e75f216b47dc3e13a410c79b53511d16d733ed1fc99ccc891c244d40a0
Size: 4.4MB
Sample: 231105-kphv3sdd51
MD5: a3b8eb63491c477a4ef2699c6f79cff2
SHA1: 0fc8a442bdb80cfc9f29925b8c88a2cb9c57decb
SHA256: c22503e75f216b47dc3e13a410c79b53511d16d733ed1fc99ccc891c244d40a0
SHA512: e5de6c9743bd740790993f45a843d2a7c5caf9ba64f2336d729b2b8947dc570bb9caa218db1965a05fe047a5a8c7d0e7523950c80af0e9f388d222681306fa5b
SSDEEP: 98304:0OavURiG1aAGIh2NbceYfXwkqjdinnXMqBLVP2JF8t/R6kYc:uvMFaKObcFfXw7jUXvreJ+t
Static task: static1

Behavioral task: behavioral1
Sample: c22503e75f216b47dc3e13a410c79b53511d16d733ed1fc99ccc891c244d40a0.exe
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: c22503e75f216b47dc3e13a410c79b53511d16d733ed1fc99ccc891c244d40a0.exe
Resource: win10v2004-20231023-en
Malware Config

Targets
Score: 9/10

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Pre-OS Boot: Bootkit (1)

Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)

Defense Evasion
- Modify Registry (1)
- Pre-OS Boot: Bootkit (1)
- Virtualization/Sandbox Evasion (1)