General

  • Target

    97273d65603839cf542745359470e8ba

  • Size

    4.4MB

  • Sample

    240212-pnlb2aeh37

  • MD5

    97273d65603839cf542745359470e8ba

  • SHA1

    d96f1ec8be081e2226f4ca4384f5fcb9f4613f86

  • SHA256

    51a9f6c8be826bf9b121848ee255138e73032e3a89f49c3a4d0ae35576e8f645

  • SHA512

    1d2bc504969ebeaf9ff4c3dbc562d102976f11caf1f2abcceee23c3078178d241adea0e097c0521abf3872a486b8c0ad5aeeae273703a30f80387918093326b0

  • SSDEEP

    98304:JeIt5UwFAoIQ5unMssx3MwCGN/g9Z+KRvubPBdK9+:JeECwF9qMF8Y/g9AjbPrM+

Targets

    • Target

      97273d65603839cf542745359470e8ba

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Registers new Print Monitor

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events from that thread being delivered to an attached debugger; it is a common anti-debugging technique.
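The VirtualBox, BIOS and Wine signatures above all describe the same technique: reading registry locations that only exist, or only carry certain strings, inside a virtual machine or compatibility layer. The check below is an added illustration of that logic, not code from the sample or from the sandbox report. The registry snapshots are constructed; the key paths and marker strings are the well-known ones VirtualBox guests and Wine expose, and the same list is what a sandbox has to spoof if it wants such a sample to proceed.

```python
"""Anti-VM / anti-sandbox registry marker check (added illustration).

The snapshots at the bottom are constructed test data, not captured from
the sample's execution. Key paths and marker strings are the standard ones
exposed by VirtualBox guests and by Wine.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed representation of a registry: key path -> value name -> data.
RegistrySnapshot = Dict[str, Dict[str, str]]


@dataclass
class Marker:
    key: str
    value: Optional[str]    # None: presence of the key alone is the marker
    pattern: Optional[str]  # regex matched case-insensitively against the data
    verdict: str


MARKERS: List[Marker] = [
    # ACPI tables are registered under the firmware's OEM ID; VirtualBox uses "VBOX__".
    Marker(r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", None, None, "VirtualBox (ACPI DSDT)"),
    Marker(r"HKLM\HARDWARE\ACPI\FADT\VBOX__", None, None, "VirtualBox (ACPI FADT)"),
    Marker(r"HKLM\HARDWARE\ACPI\RSDT\VBOX__", None, None, "VirtualBox (ACPI RSDT)"),
    # BIOS strings copied into the registry by the firmware description code.
    Marker(r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion",
           r"VBOX|VIRTUALBOX|BOCHS|QEMU", "VM (SystemBiosVersion)"),
    Marker(r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion",
           r"VIRTUALBOX", "VirtualBox (VideoBiosVersion)"),
    # Wine keeps its own configuration under Software\Wine.
    Marker(r"HKCU\Software\Wine", None, None, "Wine"),
    Marker(r"HKLM\Software\Wine", None, None, "Wine"),
]


def _lookup_key(snap: RegistrySnapshot, key: str) -> Optional[Dict[str, str]]:
    """Case-insensitive key lookup, as registry paths are case-insensitive."""
    key_l = key.lower()
    for k, values in snap.items():
        if k.lower() == key_l:
            return values
    return None


def detect_environment(snap: RegistrySnapshot) -> List[str]:
    """Return the verdicts of every marker that matches the snapshot, in MARKERS order."""
    hits: List[str] = []
    for m in MARKERS:
        values = _lookup_key(snap, m.key)
        if values is None:
            continue
        if m.value is None:
            hits.append(m.verdict)
            continue
        data = next((d for n, d in values.items() if n.lower() == m.value.lower()), None)
        if data is not None and m.pattern and re.search(m.pattern, data, re.IGNORECASE):
            hits.append(m.verdict)
    return hits


# Constructed snapshots: a default VirtualBox guest and a bare-metal machine.
VBOX_GUEST: RegistrySnapshot = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": "VBOX   - 1",
        "VideoBiosVersion": "Oracle VM VirtualBox Version 7.0.0 VGA BIOS",
    },
}
BARE_METAL: RegistrySnapshot = {
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": "DELL   - 1072009",
        "VideoBiosVersion": "Intel Video BIOS",
    },
}

if __name__ == "__main__":
    print("VirtualBox guest:", detect_environment(VBOX_GUEST))
    print("Bare metal:      ", detect_environment(BARE_METAL))
```

Running it against a real host would mean replacing the snapshot with `winreg` reads; the point of the constructed data is to show which values a sample of this kind compares and therefore which ones an analysis VM should rename or blank out before detonation.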

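The MBR write flagged above is the behaviour a responder would want to verify on disk. The following parser and comparison are an added example, not code from the sample or the report: it reads a 512-byte sector using the standard MBR layout (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature), hashes the bootstrap region and compares a current sector against a recorded baseline. Both sectors below are constructed for the demonstration.

```python
"""MBR parse and baseline comparison (added illustration).

The two sectors built at the bottom are constructed; the layout constants
are the standard MBR format. Hashing the bootstrap area separately from
the partition table distinguishes a bootkit-style loader replacement from
a legitimate repartition.
"""
import hashlib
import struct
from typing import Dict, List, Sequence, Tuple

BOOT_CODE_LEN = 446        # bootstrap code area at the start of the sector
PART_ENTRY_LEN = 16        # four partition entries follow the boot code
SIGNATURE = b"\x55\xaa"    # trailing boot signature
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> Dict:
    """Return the bootstrap-code hash and the non-empty partition entries."""
    if len(sector) != 512:
        raise ValueError("MBR sector must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PART_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            ENTRY_FMT, sector[off:off + PART_ENTRY_LEN])
        if ptype != 0:  # type 0 marks an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def diff_mbr(baseline: bytes, current: bytes) -> List[str]:
    """Findings for a current sector against a trusted baseline; empty means unchanged."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        findings.append("bootstrap code modified (possible bootkit)")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table modified")
    return findings


def build_sector(boot_code: bytes, partitions: Sequence[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a constructed MBR from bootstrap bytes and (status, type, lba_start, sectors) tuples."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba, count)
        for status, ptype, lba, count in partitions)
    table = table.ljust(4 * PART_ENTRY_LEN, b"\x00")
    return code + table + SIGNATURE


# Constructed baseline: one bootable NTFS-type (0x07) partition starting at LBA 2048.
CLEAN = build_sector(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 40, [(0x80, 0x07, 2048, 1_000_000)])
# Same partition table, replaced first-stage loader: what an MBR write by a bootkit looks like.
INFECTED = build_sector(b"\xeb\x3c\x90" + b"\xcc" * 100, [(0x80, 0x07, 2048, 1_000_000)])

if __name__ == "__main__":
    print("clean vs clean:   ", diff_mbr(CLEAN, CLEAN))
    print("clean vs infected:", diff_mbr(CLEAN, INFECTED))
```

On a live system the baseline would be the first 512 bytes of the physical disk captured before detonation (for example from `\\.\PhysicalDrive0` on Windows or the raw block device on Linux), and the comparison run against the same offset afterwards.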