Overview

overview

9

Static

static

1

28c0be675b...33.exe

windows7-x64

9

28c0be675b...33.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    28c0be675bfeba553858558bd1cb69768b7dbfa1de5284dfb268fe27b2c33933

  • Size

    11.2MB

  • Sample

    240309-gpmmgsdc96

  • MD5

    78b4868e9a8924c72d1571afb042db46

  • SHA1

    2ef627a0179ca6020bab6229ba78f32dc0c2b543

  • SHA256

    28c0be675bfeba553858558bd1cb69768b7dbfa1de5284dfb268fe27b2c33933

  • SHA512

    ed0ba4abe37efd84ecd33a352255d1c837aa95f51714243c476c4328a5e263ac3dd1a19b1eca81aa24651ae431ea28715500a241efa252c043d3eeb9682224b7

  • SSDEEP

    196608:fQMfincd2BIb9g2mStk0SJR6H6HAZPMmdQSEqDr5zhee4+IumAewQfrVPN4:fV32BQg2mAkNHqdGSEUzQtumAarJ+

Score
9/10
evasion

Malware Config

Targets

    • Target

      28c0be675bfeba553858558bd1cb69768b7dbfa1de5284dfb268fe27b2c33933

    • Size

      11.2MB

    • MD5

      78b4868e9a8924c72d1571afb042db46

    • SHA1

      2ef627a0179ca6020bab6229ba78f32dc0c2b543

    • SHA256

      28c0be675bfeba553858558bd1cb69768b7dbfa1de5284dfb268fe27b2c33933

    • SHA512

      ed0ba4abe37efd84ecd33a352255d1c837aa95f51714243c476c4328a5e263ac3dd1a19b1eca81aa24651ae431ea28715500a241efa252c043d3eeb9682224b7

    • SSDEEP

      196608:fQMfincd2BIb9g2mStk0SJR6H6HAZPMmdQSEqDr5zhee4+IumAewQfrVPN4:fV32BQg2mAkNHqdGSEUzQtumAarJ+

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks