Resubmissions

08-12-2023 21:49

231208-1pd5wseed7 9

08-12-2023 21:32

231208-1d5hpsedh7 10

General

  • Target

    Abbys Loader.exe

  • Size

    8.3MB

  • Sample

    231208-1pd5wseed7

  • MD5

    e3ffc5689f47470d27cc887f436a6314

  • SHA1

    6dcd3bd8efe25473799c60e4a5c6bd452c6f173f

  • SHA256

    7cbe7d346f86a0f771e9cd2957f588b28310251461033a1e8e1fa47513f4544c

  • SHA512

    28f644253daf94d4f5032fa9cc2037240d3d35ce5fae90c9f0254db65798baa29079d9e4a0b961b61ffe0cb3e26ae11945a83f84da03565b2fb8b9798e7e4de3

  • SSDEEP

    196608:ib44X4ZJfaTLcGSp5Ri2SiW8kW8oaMjITKYODW:C44X4Z4TLcGSp5b28kKrBvW

Malware Config

Targets

    • Looks for VirtualBox Guest Additions in registry

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Looks for VMWare Tools registry key

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks