57b9bfa63d185937c1c9bdc9abfaf79eb0e1908c9d4ce9b0fa03716d88333e93 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9f519f5fb9cb0ebd14806acd9cf66ab5.bin
Size

3.9MB
Sample

240101-b6l5dscca7
MD5

957977009068224d35ded0f481ee137f
SHA1

d129b6e6068d14ada7cd4c2fb41a1db05c499afb
SHA256

57b9bfa63d185937c1c9bdc9abfaf79eb0e1908c9d4ce9b0fa03716d88333e93
SHA512

9a6750e57cbf390855469667f3fdc08ca82afdc43ebd94f8624dc7f88ae5ec8fe2424d2a2013e6d93548c26f40e326f8a7a35f30973a7fe02e242e11aac3e5a6
SSDEEP

98304:KYxURA1LGBxs1YPa9Z6vEnOHjMNr9hGk/DtvfPKWAIta/TN:W8Lws1Ea94Durb//RncIsh

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  d73dbf1fa705bb2e5cd0cec081a8656330357a6e58b049ad2d4301f679f17a0f.exe
- Size
  
  4.0MB
- MD5
  
  9f519f5fb9cb0ebd14806acd9cf66ab5
- SHA1
  
  91ec11da92790eff67ad97c1c5c8d584be48f6a9
- SHA256
  
  d73dbf1fa705bb2e5cd0cec081a8656330357a6e58b049ad2d4301f679f17a0f
- SHA512
  
  2dc6795410a99ffe71a80a65558a128997bb96f21afe0538cdd5c50788b363200d946113be998c9bbe8e93448485a2639e87b3873bdd0ebec61b096152998c8c
- SSDEEP
  
  98304:GG+ZmOez/28kIHiidaK5nn2bdA6d005gTa:GF4OezVDV1g0Wg
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2