General
Target: a9c31c5e3e425c8f9d79ab9d327da848.bin
Size: 6.1MB
Sample: 231222-b7739aeafq
MD5: 9b1dea6d76a745bd5f25a883e0273ec5
SHA1: c369cb8ad3a87d8ae7a3f7adcec1a8c89b72d50e
SHA256: 822241533cc876cbc9761f0f30f3791642fe48564129d0f40be38e8baea3f4b7
SHA512: 47ef804026a9f047b81f5604e32353e27eb6ae858874d389160897fa01b790c824239f45c6ae9ec77025a628e4bce42c148683bd295ad362365922f47d681711
SSDEEP: 98304:BbfyPGS+Eia9BMUB0cj8i8Y4bpzIes1JLzmyokW/CdKqXx5ImnKzDver5snWPZir:hkUc4ieNzXbyofaxh5Im2rC+UZiwed
Static task: static1
Behavioral task: behavioral1
  Sample: c6f8ab2ae2bfff6591d4950f292d04e997e8342e84c4631ee01df43b26745155.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: c6f8ab2ae2bfff6591d4950f292d04e997e8342e84c4631ee01df43b26745155.exe
  Resource: win10v2004-20231215-en
Malware Config
Targets
Target: c6f8ab2ae2bfff6591d4950f292d04e997e8342e84c4631ee01df43b26745155.exe
Size: 6.1MB
MD5: a9c31c5e3e425c8f9d79ab9d327da848
SHA1: 3eb936de792d5cf07e15a91e26763d6bb6a31ed8
SHA256: c6f8ab2ae2bfff6591d4950f292d04e997e8342e84c4631ee01df43b26745155
SHA512: 6d04c1d5906dcb7508a6c10f6d06dfd3305bfdeceb78a3cf5b914f6187c1f6e18e0b0f6771a7c719fd78a7dc5891e84a367269fa66f2743e26f8e24b82b1dad4
SSDEEP: 196608:sGlonyo33iGT+M5CMRdu8IpzGgBZ6pC8B37Cz:OyMSGTJ5CkuHpzGgBsCI38
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Defense Evasion
  Modify Registry (3)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
  Virtualization/Sandbox Evasion (1)