41ed3a1f7287ba2a0d2b116c049ce9eef6cfd07636908b758fbc2f91fae62dae | Triage

Sharing

General

Target

41ed3a1f7287ba2a0d2b116c049ce9eef6cfd07636908b758fbc2f91fae62dae
Size

1.6MB
Sample

240410-mmd58aff4w
MD5

d25804aa6bd05177e905554e5b06176a
SHA1

93eb2e93972f03d043b6cf0127812fd150ca5ec5
SHA256

41ed3a1f7287ba2a0d2b116c049ce9eef6cfd07636908b758fbc2f91fae62dae
SHA512

3f689ef245b68d412d1042b7c8f3e5623bde7c6b1cf4a09166445209019661ddc07f2e416a68fa2c27f1e5a7979ffbe8a9bf1a2dbec76234f77f86d6cf3727d8
SSDEEP

49152:/mlxqzkcmcBR+2gxN68ic/BwKcn2QfBtUzo:/mlOTBR+Fx20BBktT

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  41ed3a1f7287ba2a0d2b116c049ce9eef6cfd07636908b758fbc2f91fae62dae
- Size
  
  1.6MB
- MD5
  
  d25804aa6bd05177e905554e5b06176a
- SHA1
  
  93eb2e93972f03d043b6cf0127812fd150ca5ec5
- SHA256
  
  41ed3a1f7287ba2a0d2b116c049ce9eef6cfd07636908b758fbc2f91fae62dae
- SHA512
  
  3f689ef245b68d412d1042b7c8f3e5623bde7c6b1cf4a09166445209019661ddc07f2e416a68fa2c27f1e5a7979ffbe8a9bf1a2dbec76234f77f86d6cf3727d8
- SSDEEP
  
  49152:/mlxqzkcmcBR+2gxN68ic/BwKcn2QfBtUzo:/mlOTBR+Fx20BBktT
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2