6c4d3c37f79a4751f1c3a8ab4612e4a8a205df08e705c76a608d0b06236a8051 | Triage

Sharing

General

Target

6c4d3c37f79a4751f1c3a8ab4612e4a8a205df08e705c76a608d0b06236a8051
Size

4.0MB
Sample

240429-k7zxbafd6w
MD5

52a188ddbf625029d895360b53568df0
SHA1

494f5689c673c93bfacebdb97490dba872049e8d
SHA256

6c4d3c37f79a4751f1c3a8ab4612e4a8a205df08e705c76a608d0b06236a8051
SHA512

b0ca59b79b01df5215e21f5c179565113ac0851ad707377db9758700cff15a5d0c83fd41e60230cab0f3450db385f3c353d5eb8142849824eace228640dd0443
SSDEEP

98304:F1nbKde+MH4eAWyiV+FmYSSeDdNAhshJdVnWC6GfdQZMp48H/P:F9q9MnyiVfSCkshTok4qX

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  GetFlashInfo_v9.2.0.627_/GetFlashInfo_v9.2.0.627_/GetFlashInfo.exe
- Size
  
  289KB
- MD5
  
  ef46475224a17026846bcec3ce42efd3
- SHA1
  
  ba4b305c595d688fb2e79ff848334f3463ae824b
- SHA256
  
  27c99c34ad4527d2cb4e9352de536e7a03caf69afa25626850d2a05abed1d29e
- SHA512
  
  32e2d2227a05ca3a24deaec17e924ceadfb860ffaa4c41fb4882db0f2289a5d2f5b5b5d304e8d9ea0e1144e1a73c9cfc0580770e462dcfafeca1d7d6829dfca4
- SSDEEP
  
  6144:4t0Nn45tEIZ49Eu7tMyKeHyhU/GINTyWqdZLbS2Z4:4t0Nn45tg9HhKpUuPWYp
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  GetFlashInfo_v9.2.0.627_/GetFlashInfo_v9.2.0.627_/gfienc.dll
- Size
  
  5.9MB
- MD5
  
  6ae064d5d426433a72f6bf1530f0ce69
- SHA1
  
  6b6dbec445f77e3e667aedfc1ef7f99697c501b1
- SHA256
  
  349459ba5ed6ddcd33a1cc968ea536fee099c9d65fd65f8e6efab2afa54c03eb
- SHA512
  
  4bafe6983523ba0f0cca8f71ca7adaff7c17b9ba5bef9cac72c4fa41e98cdd69499c22646258ed83aa3b6e7889f50272f6dcde9ae6fda95a74206612c1baac27
- SSDEEP
  
  98304:yA9sW78WKuXu+G/YuyuMFqgVqVLWDTPc6lj1dv8MCy3Bs:nPqgNc69DvXCKBs
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  GetFlashInfo_v9.2.0.627_/Readme-ZOL.htm
- Size
  
  2KB
- MD5
  
  cb3eedb39a4b19375c929dd1ce6a671b
- SHA1
  
  c9321aafb5c98195aa35a54ae30f8aed8530d589
- SHA256
  
  7a0421963c81fb48f71c8a7727d9f33ec023b574befc6b35981aa388279086d7
- SHA512
  
  3dad8489626f5d87c6c0b8747908643a1f59df421821688ac272a19473f73427e707e4cea981fd1274d03ab597d22758f7c91f575369b15e7ab795d01c88e12e
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6