636a76d2033f13e90d0bf16699cafa27be4b2d506747e935f5332c9272510b7d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

echo-FE42A0-MzE3MzY5-48BSYh-f.exe
Size

15.7MB
Sample

231122-w42saaea85
MD5

179378954c9e9f0b7fb5e285920fac8a
SHA1

feec5cb5921bd701e9fe4ed93c59bce61987f69b
SHA256

636a76d2033f13e90d0bf16699cafa27be4b2d506747e935f5332c9272510b7d
SHA512

4d88f1618f8df7e4b2e88e50cea227a27656d722aeadec5142b91f86faba338271d50566ce67896a1f952d57bd0513432c2428c187e9afdc6172385ba458e38a
SSDEEP

196608:6cIkcX904Vuwn/nZoi6NQt1D9wzLYv2nnVDG+tyY:fIbt06n/d6Ng1DYUv+nVK+j

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  echo-FE42A0-MzE3MzY5-48BSYh-f.exe
- Size
  
  15.7MB
- MD5
  
  179378954c9e9f0b7fb5e285920fac8a
- SHA1
  
  feec5cb5921bd701e9fe4ed93c59bce61987f69b
- SHA256
  
  636a76d2033f13e90d0bf16699cafa27be4b2d506747e935f5332c9272510b7d
- SHA512
  
  4d88f1618f8df7e4b2e88e50cea227a27656d722aeadec5142b91f86faba338271d50566ce67896a1f952d57bd0513432c2428c187e9afdc6172385ba458e38a
- SSDEEP
  
  196608:6cIkcX904Vuwn/nZoi6NQt1D9wzLYv2nnVDG+tyY:fIbt06n/d6Ng1DYUv+nVK+j
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1