16d9f62af1708ebfd613da5aa4f6a4f6ce2f5273c339bbc939b4bbce9b643fd0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45a6c57f8a7227958658a32bdaa867f3
Size

2.8MB
Sample

231226-aj7l5scdfn
MD5

45a6c57f8a7227958658a32bdaa867f3
SHA1

785dd8400ed4489955ffbe332964eac11f69c500
SHA256

16d9f62af1708ebfd613da5aa4f6a4f6ce2f5273c339bbc939b4bbce9b643fd0
SHA512

ad264b2224320a0d100e5821529932ac6682fca1a93e235028bce47883ef365533ab0823e02a746a79ea01d8f883c9459ee3ff778e477b538cf2194142627bba
SSDEEP

49152:m/OuKcIW+edihb7eV2gQiNxXAruSZRzLZhl7yQOQ3ZnpC1d:TuKcRAc2OHAruSZRzLZHzOSZnpCj

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  45a6c57f8a7227958658a32bdaa867f3
- Size
  
  2.8MB
- MD5
  
  45a6c57f8a7227958658a32bdaa867f3
- SHA1
  
  785dd8400ed4489955ffbe332964eac11f69c500
- SHA256
  
  16d9f62af1708ebfd613da5aa4f6a4f6ce2f5273c339bbc939b4bbce9b643fd0
- SHA512
  
  ad264b2224320a0d100e5821529932ac6682fca1a93e235028bce47883ef365533ab0823e02a746a79ea01d8f883c9459ee3ff778e477b538cf2194142627bba
- SSDEEP
  
  49152:m/OuKcIW+edihb7eV2gQiNxXAruSZRzLZhl7yQOQ3ZnpC1d:TuKcRAc2OHAruSZRzLZHzOSZnpCj
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2