General

  • Target

    a53c24f07e74c9c21bcd958b3cb55540.exe

  • Size

    11.5MB

  • Sample

    240107-xz6q4sdbf2

  • MD5

    a53c24f07e74c9c21bcd958b3cb55540

  • SHA1

    ee4600c00ef9ca5595585c25488f41ad2f98817d

  • SHA256

    a114ccadc8190cd04947c3571d36992b848089da483bb5a145ba674ae59b9434

  • SHA512

    a1f202d88463cbb96bf318cd82cb9132f8f695d7e2d92606e5c8958d21bf4d6ab6366269b0c0a92e39f6c61b101c6c839e223ae69f86ff2ad5077d6aac91ca68

  • SSDEEP

    196608:8F61quO11uiEgZhzaTdVPs0gSH3i+w+K8zOYTVQBEWcuYKCRm8/3wEkP7I838zUf:8F9ESCfg9ZVCpwaG

Malware Config

Targets

    • Target

      a53c24f07e74c9c21bcd958b3cb55540.exe

    • UAC bypass

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks