e6c457b01c6f86ed263b658e2a943150e5db2c0e60a049ab8853be4c27664a76 | Triage

Sharing

General

Target

bid.exe
Size

65KB
Sample

240213-yblayahf78
MD5

dfc805fdc139f70a33e00bcd28d66bc9
SHA1

e7eaaaa5e16b4166c7bb552e6c753ef1c38e6287
SHA256

e6c457b01c6f86ed263b658e2a943150e5db2c0e60a049ab8853be4c27664a76
SHA512

2b90f1f729f036821fefcbbe28bb04be5028c844bc1c90c10c3c14da80f3fcbca96a50c9e2a2ea5303ebc769a5eb522f5542273fbb7258ab030bbadb412d1178
SSDEEP

1536:iyMQ47BUaCjKMbyf6b/PjIDD1oZ1iMPswVcl:i52jKxf6b/PjIv1zMPsqY

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  bid.exe
- Size
  
  65KB
- MD5
  
  dfc805fdc139f70a33e00bcd28d66bc9
- SHA1
  
  e7eaaaa5e16b4166c7bb552e6c753ef1c38e6287
- SHA256
  
  e6c457b01c6f86ed263b658e2a943150e5db2c0e60a049ab8853be4c27664a76
- SHA512
  
  2b90f1f729f036821fefcbbe28bb04be5028c844bc1c90c10c3c14da80f3fcbca96a50c9e2a2ea5303ebc769a5eb522f5542273fbb7258ab030bbadb412d1178
- SSDEEP
  
  1536:iyMQ47BUaCjKMbyf6b/PjIDD1oZ1iMPswVcl:i52jKxf6b/PjIv1zMPsqY
Score

9^/10

evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2