General
-
Target
tmp
-
Size
6.1MB
-
Sample
231222-hk3zcadah8
-
MD5
a9ab5111bd45ac06105a6e2c87af245d
-
SHA1
8d76daf0cc3b47103249907b2996d096da836450
-
SHA256
9b5fbf587b30511d8fb6e84fd506e9f7c3c052eb68fcc6a1f7fca0297835f556
-
SHA512
db4f7e2fe468eb74775176d6b4db084b9be7ea8162dd2d46a54ab5916f0300df48112813757e6744e0bf426342a5c736e646ad7867356a98e025455f6ec4025c
-
SSDEEP
196608:GuzaEoqiYQwsPiJI2V1he1jCfGdfip6Spbv0fZ:GWqDhiJ7VS1jCfGU6ibMZ
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
tmp
-
Size
6.1MB
-
MD5
a9ab5111bd45ac06105a6e2c87af245d
-
SHA1
8d76daf0cc3b47103249907b2996d096da836450
-
SHA256
9b5fbf587b30511d8fb6e84fd506e9f7c3c052eb68fcc6a1f7fca0297835f556
-
SHA512
db4f7e2fe468eb74775176d6b4db084b9be7ea8162dd2d46a54ab5916f0300df48112813757e6744e0bf426342a5c736e646ad7867356a98e025455f6ec4025c
-
SSDEEP
196608:GuzaEoqiYQwsPiJI2V1he1jCfGdfip6Spbv0fZ:GWqDhiJ7VS1jCfGU6ibMZ
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Defense Evasion
Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
1