b2075a6a43316757737cbdba6d46c258961ead7a9ae6ee2f7027b246b8ba08a8 | Triage

Sharing

General

Target

b2075a6a43316757737cbdba6d46c258961ead7a9ae6ee2f7027b246b8ba08a8zip.zip
Size

11.9MB
Sample

231207-x3jqraef59
MD5

526b561766ae9df7eedcbbb7fd71eb48
SHA1

2ab14b38bb4c0ccd587502554d531499463b44db
SHA256

b2075a6a43316757737cbdba6d46c258961ead7a9ae6ee2f7027b246b8ba08a8
SHA512

d945ebb8f1729d15187ef3d557d42a975e79105c8f4a85b0b40ca5c0f4ca3f0762d8c70c2ca37e590760cfd1e191fa0dc6e821d45bb888024d51a9ad8cb1ccc0
SSDEEP

196608:+gjwwxblrwX/RcINpZS8axJDkCs5tEJvpYW2ee324CnKq6sVzDy8rLIgqnZYy/du:+gjwORwvRcINrMpy5tEZpYZY4CnNDysn

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  AnyDesk.exe
- Size
  
  3.6MB
- MD5
  
  7ad3fe26834a30a1bf7fe277a1709e23
- SHA1
  
  4261ad92d93cdd25c0e4a7bf6c71742019eea69c
- SHA256
  
  4857b57e94a509a0cedd1f9fe38b0807d5dd2727012fe6c06c40413a45275c13
- SHA512
  
  c264a26cd8bd0985d2c5a7747813603383c703a4004c6dfae911fb44a24f51cf491091d992f3e828e39c61260e6b6dad5b556331cb47936fbc1cf3a04ca84f68
- SSDEEP
  
  98304:OuVHHn17/icXj0+bnFCvJU6ik5VB2EATliyeTQZKdm52:FH17acXj0uUvJU6n5VABiXTQk
Score

N/A
behavioral1 behavioral2
- Target
  
  LastActivityView.exe
- Size
  
  130KB
- MD5
  
  a19eb1487622a13402c0d63eede58f59
- SHA1
  
  c662772fcd96c7d6decd629af28f26014c506a30
- SHA256
  
  b1b7a772c927b4d3e2e4d59ba69e3fe955506ff80cee0947d54c6b3fabef6860
- SHA512
  
  6b7b676ebac4e3127a63cc1fbde85144d551c7d38330c516ccb0aeaa7558155eefc1dfba3f3d7b18510f8e099c37fa2504f1ff00607f52187a03780fd7f75f94
- SSDEEP
  
  3072:gnk4eDEnIUuBkxlXvVbZTK1TT4ik69L1X7Bom:gngdBeXvpZTK1P4Kp
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  Ocean.exe
- Size
  
  2.3MB
- MD5
  
  406ee8b2243cf8193acd0a0df35f6808
- SHA1
  
  0bf35f3becd6870dc6711a72a1fa2a847f79015d
- SHA256
  
  1227ebbc393db7aaf3b323370fc80cf5a8745ea4eb140a34eed25d6957db7208
- SHA512
  
  d0bddd58918307f74c898c46c308f301ce039c43580cfe01f5dde1bc391daf96b7688cd823f701bb49258700ab42bf4d787a11548af282aa57be8fccf97cfd1c
- SSDEEP
  
  24576:KqRlOPsiDcX/f1t5EWdrTxhYJtjQTac7rl1v0acs+l/VMZyCV1EN/6UdnD88Jw4:prOPsiDcX39drTz/7rkaEl99i2nf
Score

1^/10
behavioral5 behavioral6
- Target
  
  journal-tool.exe
- Size
  
  13.5MB
- MD5
  
  445fbbeb5d7ab4cf029200c856b20d05
- SHA1
  
  50023e87a4b53e23f5b3437aa13f99d7ec887020
- SHA256
  
  8226b5885ea94def0a895da5a98fdcbd826da231a0eaded5bfa380a84cf8d0d9
- SHA512
  
  83735ccd417acba82064391174587e4de7d53b546c7eb902d756ba068518d7ef4bf59ec47e54089d09cb58b702baf7f4fcbf79c25b1327c9db3d6e9e383a1176
- SSDEEP
  
  196608:CcfvFlLGQXArrpgVutHN5cmhJxmzwmjUg35Z6:C8vhXiAutHvgwyUcq
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7 behavioral8
- Target
  
  shellbag.exe
- Size
  
  1.6MB
- MD5
  
  463058236a0d84f8f8982d946eed0e07
- SHA1
  
  800ab71ed3b3bf4fb67fc9e1628e59d0aab8b124
- SHA256
  
  c93a0f4c6b5f24ee31cddb92b0ea3337021b5fb91faae8a381d3bd2c9b6add54
- SHA512
  
  18bd9aea8489c5e873a679da92c83d2739de9532f5751bd23aea9eda226b9a95909f8fd525b0ce47859492997002aee32ecf37bb79e07f24b512287b8fd58a53
- SSDEEP
  
  24576:HM33oPhoNsZ8IbF1lyDt3Ups4yAg7UrA2ei9QgTum+ApT:sHogIJD2y9oIreG
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10