cd601f67c1725d57b8a4239378eef72baabd3f50b42967318c3864a2b0c51ecb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

echo-F82C61-Nzg2Njg3-l=RtNp-f.exe
Size

15.9MB
Sample

240113-yj6lvaddel
MD5

fbb2df189ef881accd51591bd08e6049
SHA1

163fb496ff085356745a7db39513046311b9101b
SHA256

cd601f67c1725d57b8a4239378eef72baabd3f50b42967318c3864a2b0c51ecb
SHA512

2d2b9efdd47af0214ca4a7f9b92100dfb8a3c19f9179a860c53967fda39c99e8164dea9eafe43f9a09544dedd877ee2ad0e812eae214ed11abe475ec741748de
SSDEEP

196608:jCHz+d/TzVVzrkGwQ4vvuY6bX7jeYg+pyatKY8:2T+dzsGwPvDEX7jeYgPtY8

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  echo-F82C61-Nzg2Njg3-l=RtNp-f.exe
- Size
  
  15.9MB
- MD5
  
  fbb2df189ef881accd51591bd08e6049
- SHA1
  
  163fb496ff085356745a7db39513046311b9101b
- SHA256
  
  cd601f67c1725d57b8a4239378eef72baabd3f50b42967318c3864a2b0c51ecb
- SHA512
  
  2d2b9efdd47af0214ca4a7f9b92100dfb8a3c19f9179a860c53967fda39c99e8164dea9eafe43f9a09544dedd877ee2ad0e812eae214ed11abe475ec741748de
- SSDEEP
  
  196608:jCHz+d/TzVVzrkGwQ4vvuY6bX7jeYg+pyatKY8:2T+dzsGwPvDEX7jeYgPtY8
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2