General
-
Target
97273d65603839cf542745359470e8ba
-
Size
4.4MB
-
Sample
240212-pnlb2aeh37
-
MD5
97273d65603839cf542745359470e8ba
-
SHA1
d96f1ec8be081e2226f4ca4384f5fcb9f4613f86
-
SHA256
51a9f6c8be826bf9b121848ee255138e73032e3a89f49c3a4d0ae35576e8f645
-
SHA512
1d2bc504969ebeaf9ff4c3dbc562d102976f11caf1f2abcceee23c3078178d241adea0e097c0521abf3872a486b8c0ad5aeeae273703a30f80387918093326b0
-
SSDEEP
98304:JeIt5UwFAoIQ5unMssx3MwCGN/g9Z+KRvubPBdK9+:JeECwF9qMF8Y/g9AjbPrM+
Malware Config
Targets
-
-
Target
97273d65603839cf542745359470e8ba
-
Size
4.4MB
-
MD5
97273d65603839cf542745359470e8ba
-
SHA1
d96f1ec8be081e2226f4ca4384f5fcb9f4613f86
-
SHA256
51a9f6c8be826bf9b121848ee255138e73032e3a89f49c3a4d0ae35576e8f645
-
SHA512
1d2bc504969ebeaf9ff4c3dbc562d102976f11caf1f2abcceee23c3078178d241adea0e097c0521abf3872a486b8c0ad5aeeae273703a30f80387918093326b0
-
SSDEEP
98304:JeIt5UwFAoIQ5unMssx3MwCGN/g9Z+KRvubPBdK9+:JeECwF9qMF8Y/g9AjbPrM+
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Registers new Print Monitor
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
1Pre-OS Boot
1Bootkit
1Virtualization/Sandbox Evasion
2