9043ac1bb2501b4ef75b7198235f9ee496d06fc8908f0327444d37fb34eb20ce | Triage

Sharing

General

Target

adwq.rar
Size

8.3MB
Sample

240223-br35cshg95
MD5

902e2771bdeec8322472b270a80ee74e
SHA1

7ea3d6efb8ac692bd9528ee20ad99f6a9b0de340
SHA256

9043ac1bb2501b4ef75b7198235f9ee496d06fc8908f0327444d37fb34eb20ce
SHA512

d8979a437579a6c144acc04a7e6a8f9320e46aaf02e6760754bd3902139d25c0d5370ea0bffbdd2b59b149954bc2cad51e5de77bbda85f2933e83bd109309cf0
SSDEEP

196608:Escxg85gpF8wAwAH+ITapyyr75D/6+O8gE01k9+mAXz97ZR1R3Cap5++xUk8An:OnJwu9TaN1EkIxXzV1RF5BxP8An

Score

9^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  adwq/Lunar Client v3.2.3.exe
- Size
  
  1.0MB
- MD5
  
  0814a485d44ded97e275e8e80f6c17ca
- SHA1
  
  69862f6fb82651f3a097fe7554440537ea0f1a90
- SHA256
  
  560b03c4ba18e5a443f74a69727db0eabac6f455bb836757d620cc51615a92ea
- SHA512
  
  bd9abe5bd35d21bb57be9e757a6e7293f9e71738045fff6b53788e36bd442d1b8af21ea38a528ea0910434cc32ac610fbaf4200a6faf615828f47d8b74987dbd
- SSDEEP
  
  24576:s2Oawk0MDhozjDu173pG1szLSvJwnHNiTWQC:MkPDhEjK73pfqvCHH
Score

4^/10

discovery
behavioral1 behavioral2
- Target
  
  adwq/Proyecto Semestral.exe
- Size
  
  10.6MB
- MD5
  
  50faefd96a3884a0bd06b4c67d53629f
- SHA1
  
  c4445a81135f380d2316b4eee2350b537cbcc364
- SHA256
  
  cfa8e745a7570804047bc0b20accc699960fb77dfa659e9031355088ffb00c33
- SHA512
  
  0ac25c158ccd0914d0fe115c032eb514e0a789debbb0b6691514df43cfb8d3485b4171cef4ed0710627ae5683c704684d3011981eeff5ebb2625140c00b62b5f
- SSDEEP
  
  196608:6RQz0r8ovtaMDiekfc92f6NvRXACKit/YJPw71p/8:6s0r8o1aMWPfbiSwj/8
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4