e9f944ab296bcaa235eb584d6b7fa2811fc1a0f3bc2596a99675cdd114cdfcf5 | Triage

Sharing

General

Target

Electron.exe
Size

3.9MB
Sample

240421-bhrd7seh68
MD5

28564f4fbb6558373cbb82469ef2587d
SHA1

2c8f089df7a8d2dfce7c4c29af2db6eda5940d80
SHA256

e9f944ab296bcaa235eb584d6b7fa2811fc1a0f3bc2596a99675cdd114cdfcf5
SHA512

5e1df4736aaa9008ac7922a242ec15fb6644b90973880c378182f11d14834b431ead370684f1abf7c93dcdb3f1518f068a9c8bc459e4572ce19c8178374b7021
SSDEEP

98304:xkKnhd6yuxhRsHHfrIHj8yBzAziXOhhFa:mEhoyuEHcjJBzAzJhhFa

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  Electron.exe
- Size
  
  3.9MB
- MD5
  
  28564f4fbb6558373cbb82469ef2587d
- SHA1
  
  2c8f089df7a8d2dfce7c4c29af2db6eda5940d80
- SHA256
  
  e9f944ab296bcaa235eb584d6b7fa2811fc1a0f3bc2596a99675cdd114cdfcf5
- SHA512
  
  5e1df4736aaa9008ac7922a242ec15fb6644b90973880c378182f11d14834b431ead370684f1abf7c93dcdb3f1518f068a9c8bc459e4572ce19c8178374b7021
- SSDEEP
  
  98304:xkKnhd6yuxhRsHHfrIHj8yBzAziXOhhFa:mEhoyuEHcjJBzAzJhhFa
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1