General
-
Target
vitutal machine.txt
-
Size
97B
-
Sample
240415-lqvrpsbd55
-
MD5
c2a2e4d1d0190d49c53480b02cab822c
-
SHA1
762faf6a49f4576084974ca863baa0fe1140fff0
-
SHA256
f2cbc0eb801c258d1edeb4ac4c18481994a82fd4a81794b5f11d223f95c1de07
-
SHA512
de51d4888dba6766cfa00643e0181a4e2d37c9db78aa1d659ce1e4828df5d2d742091c441846faa27d86c22b0d179578cfea29193059bc6c32a9bf8c00ba5499
Static task
static1
Malware Config
Targets
-
-
Target
vitutal machine.txt
-
Size
97B
-
MD5
c2a2e4d1d0190d49c53480b02cab822c
-
SHA1
762faf6a49f4576084974ca863baa0fe1140fff0
-
SHA256
f2cbc0eb801c258d1edeb4ac4c18481994a82fd4a81794b5f11d223f95c1de07
-
SHA512
de51d4888dba6766cfa00643e0181a4e2d37c9db78aa1d659ce1e4828df5d2d742091c441846faa27d86c22b0d179578cfea29193059bc6c32a9bf8c00ba5499
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Sets file execution options in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
4Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
4