General
- Target: fa0fa167e3936cc0d7acdaf7f980d8e3.bin
- Size: 6.1MB
- Sample: 231224-egdy9sfafn
- MD5: 9a5fc90fa9797550007fc257bed151f9
- SHA1: c7695817fbff44b437ccc7cd91f06996759ad1c2
- SHA256: 800fa58a977a4eb7a356de3c2577a17087dd272886983cc18d7d3d7dc2d20f18
- SHA512: 7e4ef865ee8e82cc5e56ac601af15fca234ae6320afaa8fef375ec5138b6c14503170cdedb70801596e9159ff563ee8c16cc51a4e83719ee20f43198994ff1cb
- SSDEEP: 196608:tu8LKcsnwAmLjy5bBP81VI+iI6nTwmEAuiA:xEnwAWy59P81Vri1nTgL
Static task: static1
Behavioral task: behavioral1
- Sample: d52c0665af99127cda4aed83d4f7c4b723fe4848435f7789bd4973c87a31f838.exe
- Resource: win7-20231129-en
Malware Config
Targets
- Target: d52c0665af99127cda4aed83d4f7c4b723fe4848435f7789bd4973c87a31f838.exe
- Size: 6.1MB
- MD5: fa0fa167e3936cc0d7acdaf7f980d8e3
- SHA1: 9352a14f71c52af062f9ab8d323d1f53b08e65a5
- SHA256: d52c0665af99127cda4aed83d4f7c4b723fe4848435f7789bd4973c87a31f838
- SHA512: eab11df924a643172a5c9fe56f1bc6b877fdadab64c986d6b72bb21304de723cabb11432dc824861ce74644615ab6952721d5402a85b4498da81c1ecfa499a63
- SSDEEP: 196608:4Admesqc+mfhZ/BJ++DFNYEenrwNiM57fNK:Q7fhfJ++DHJen8iy74
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)