Resubmissions

  • 28-04-2024 18:37  240428-w9rt9sed4s  (score 9)

  • 28-04-2024 18:36  240428-w875vsea56  (score 9)

General

  • Target

    PH Spoofer1.1.rar

  • Size

    276KB

  • Sample

    240428-w9rt9sed4s

  • MD5

    d46c6c089d13ccf6229652b06528dd3c

  • SHA1

    b74d7ddebe175743d1e08c2d1eecc68276867a3e

  • SHA256

    f6199fe0c5630f73c0cd588e71626ab8552fb312e90e441bbe6f1ebd50bc7ccb

  • SHA512

    23fd13b6202281e441056030d5263da048c21f07b0b9da8ac877233527ffd5051dc8b9d9f2611785c29f3dd8d1c2407072a73ded1f5cd4514dc92c580a68197b

  • SSDEEP

    6144:imsx6QtGXsc1xFQzWjlSSyafb+tQTywrubNyIMQ2i+eWq7:imX7dkWBS+b+tdwrubNyI5L+C

Score
9/10

Malware Config

Targets

    • Target

      PH Spoofer.exe

    • Size

      309KB

    • MD5

      ae570e5768742a572e36ac8d999c03f5

    • SHA1

      9eabf7fdc94adeb65248f7593cd6f0abd1448ef8

    • SHA256

      7db7e8ba889c41199e657fa9d263c5f18830a35bab6b810e267baadae1d938ae

    • SHA512

      8f46023ad4b561f9fcec5c62eba6a384e95b07dca8baeadcce9bf3039a07fb9adc6f2312a386689d291dad26d8f1476b72d8f5f7bc6a62220683f3ef221552e0

    • SSDEEP

      6144:qKjViFkFl/AAGbFd1cUp3AJEFzqlOcWluW4bLcCCQvjQL85d:2rA6Bl7GcCCQvjQL4d

    Score
    9/10
    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments; virtual machines expose hypervisor vendor strings (VMware, VirtualBox, QEMU, Hyper-V) in these values.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence (run only in, or never in, particular countries).

    • Executes dropped EXE

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments; virtual disks typically carry the hypervisor vendor name in their device identifiers. Note that legitimate licensing, hardware-inventory and anti-cheat software reads the same keys, so these two signatures are weaker evidence than the explicit VirtualBox/VMware key lookups above.
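The registry checks the report attributes to PH Spoofer.exe can be triaged from a Process Monitor trace of the same sample. The script below is an added example written for this page, not tooling from the sandbox or from the sample's author. It reads a CSV modelled on Procmon's export columns (the log lines here are constructed, not from the actual run), maps each registry read onto the five signature categories above, and flags a process only when it touches at least two distinct categories, because a single read of the Geo or BIOS keys is common in benign software. The registry paths are the conventional locations for each check and are an assumption of this example; the report does not list the exact keys the sample read.

```python
"""Flag VM/sandbox-detection registry reads in a Procmon-style CSV export."""
import csv
import io
from collections import defaultdict

# Registry locations conventionally read by each check the report names.
# ASSUMPTION: the report does not list the keys the sample actually read;
# these are the standard locations for each check. Matched case-insensitively
# as path prefixes so both the key and any value beneath it count.
VM_CHECK_PATHS = {
    "virtualbox_guest_additions": [r"hklm\software\oracle\virtualbox guest additions"],
    "vmware_tools": [r"hklm\software\vmware, inc.\vmware tools"],
    "bios_info": [r"hklm\hardware\description\system"],
    "geo_nation": [r"hkcu\control panel\international\geo"],
    "disk_enum": [r"hklm\system\currentcontrolset\services\disk\enum"],
}

# Procmon operations that represent a read of a key or value.
REGISTRY_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}

# Constructed sample trace (not a real capture) using Procmon's CSV export columns.
# A NAME NOT FOUND result still counts: the process asked, which is the tell.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"18:36:01.0001","PH Spoofer.exe","4120","RegOpenKey","HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions","NAME NOT FOUND","Desired Access: Read"
"18:36:01.0002","PH Spoofer.exe","4120","RegOpenKey","HKLM\SOFTWARE\VMware, Inc.\VMware Tools","NAME NOT FOUND","Desired Access: Read"
"18:36:01.0003","PH Spoofer.exe","4120","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion","SUCCESS","Type: REG_MULTI_SZ"
"18:36:01.0004","PH Spoofer.exe","4120","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Data: 244"
"18:36:01.0005","PH Spoofer.exe","4120","RegEnumValue","HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum","SUCCESS","Index: 0"
"18:36:01.0006","PH Spoofer.exe","4120","RegSetValue","HKLM\SYSTEM\CurrentControlSet\Services\phspf\ImagePath","SUCCESS","Type: REG_EXPAND_SZ"
"18:36:02.0001","explorer.exe","1234","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Data: 244"
"18:36:02.0002","explorer.exe","1234","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Data: 1"
'''


def classify_path(path):
    """Return the VM-check category a registry path belongs to, or None."""
    lowered = path.lower()
    for category, prefixes in VM_CHECK_PATHS.items():
        if any(lowered.startswith(prefix) for prefix in prefixes):
            return category
    return None


def score_registry_activity(csv_text, min_categories=2):
    """Map each process to the VM-check categories it read.

    Only processes that hit at least `min_categories` distinct categories are
    returned; writes (RegSetValue etc.) are ignored since the heuristic is about
    what the sample looks for, not what it changes.
    """
    hits = defaultdict(lambda: {"categories": set(), "paths": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in REGISTRY_OPS:
            continue
        category = classify_path(row["Path"])
        if category is None:
            continue
        entry = hits[row["Process Name"]]
        entry["categories"].add(category)
        entry["paths"].append(row["Path"])
    return {proc: data for proc, data in hits.items()
            if len(data["categories"]) >= min_categories}


if __name__ == "__main__":
    for proc, data in score_registry_activity(SAMPLE_CSV).items():
        print(f"{proc}: {len(data['categories'])} VM-check categories")
        for path in data["paths"]:
            print(f"    {path}")
```

Raising min_categories to 3 or 4 trims the false positives from inventory or licensing code that reads BIOS and disk keys for their own reasons; the two hypervisor-specific keys (VirtualBox Guest Additions, VMware Tools) have almost no benign readers and are the strongest single indicators.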

MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is the count of report signatures mapped to it.

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Virtualization/Sandbox Evasion (T1497): 2

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 5

  • Virtualization/Sandbox Evasion (T1497): 2

  • System Information Discovery (T1082): 4

  • Peripheral Device Discovery (T1120): 1

Tasks