91b861cdf4a5f60b3d40b48e9357fc8e586f203022d22345764be5035e2fe724 | Triage

Sharing

General

Target

hairtist.exe
Size

4.8MB
Sample

240428-l9qbbsdf2z
MD5

8bdb368fe2ccdd70d3f0f4fe1b69b080
SHA1

ea6f62f0aa53c921d579e1c50fcf2f68e2b2dbf1
SHA256

91b861cdf4a5f60b3d40b48e9357fc8e586f203022d22345764be5035e2fe724
SHA512

0ba49b2cc9f5615eadb18fdbcb319bc4191b9e56817814dd8ec279d7c7eb592e7f42e6054f4eed6a09763bbd74df802188fa2a84d9a1542b1df233de5c511cd6
SSDEEP

98304:3y3Raqqrq5TliunkEY4W4GuY2j3TrVkomgsCuf9R624jTqekgjyVKRj1h:ovllFkE5VlTPKpgsCuf16qe3xb

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  hairtist.exe
- Size
  
  4.8MB
- MD5
  
  8bdb368fe2ccdd70d3f0f4fe1b69b080
- SHA1
  
  ea6f62f0aa53c921d579e1c50fcf2f68e2b2dbf1
- SHA256
  
  91b861cdf4a5f60b3d40b48e9357fc8e586f203022d22345764be5035e2fe724
- SHA512
  
  0ba49b2cc9f5615eadb18fdbcb319bc4191b9e56817814dd8ec279d7c7eb592e7f42e6054f4eed6a09763bbd74df802188fa2a84d9a1542b1df233de5c511cd6
- SSDEEP
  
  98304:3y3Raqqrq5TliunkEY4W4GuY2j3TrVkomgsCuf9R624jTqekgjyVKRj1h:ovllFkE5VlTPKpgsCuf16qe3xb
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2