5c56c83e12a350356d2604c2f41b0a0f6ae36d7f5c118e0cd65258604a6dc922 | Triage

Sharing

General

Target

etabs_v21_kg.exe
Size

2.6MB
Sample

240219-1xy52aeh22
MD5

6cf5ac6015952655a02c5ed140e8000d
SHA1

ed410bf9c04b337d1e326a0bdb6631790ab6429c
SHA256

5c56c83e12a350356d2604c2f41b0a0f6ae36d7f5c118e0cd65258604a6dc922
SHA512

fc10b16717e4240420f070e26732f829bc0b95a69be5838aeaeae6be38742b4b2d361271e631fb5c9d978a7d2f2e98668ef1cffe37a647d9e300264175f6af70
SSDEEP

49152:85OiwBSGFvc0kjG9QkvUHv6Raut/Ye1x57Xe2SQwL:/iwBO0spz6RBVY+x5LeRQ

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  etabs_v21_kg.exe
- Size
  
  2.6MB
- MD5
  
  6cf5ac6015952655a02c5ed140e8000d
- SHA1
  
  ed410bf9c04b337d1e326a0bdb6631790ab6429c
- SHA256
  
  5c56c83e12a350356d2604c2f41b0a0f6ae36d7f5c118e0cd65258604a6dc922
- SHA512
  
  fc10b16717e4240420f070e26732f829bc0b95a69be5838aeaeae6be38742b4b2d361271e631fb5c9d978a7d2f2e98668ef1cffe37a647d9e300264175f6af70
- SSDEEP
  
  49152:85OiwBSGFvc0kjG9QkvUHv6Raut/Ye1x57Xe2SQwL:/iwBO0spz6RBVY+x5LeRQ
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2