Overview

overview

9

Static

static

3

OneDrive.exe

windows7-x64

9

OneDrive.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OneDrive.png

  • Size

    9.9MB

  • Sample

    240515-p37tksad68

  • MD5

    85c6f8629ff03c6c9b7135ed3c382ae0

  • SHA1

    299c09ba616df6996299e217980144ca7e4ac98c

  • SHA256

    25f3f0c03663754228aee619281fed809ccf271d6a1f427829aca20e737f6c85

  • SHA512

    64dd53613f65fea2b234db9ddeaa822a8173492029cdb96306627b4459c4bf082e6d1192adc376421ee0ddeb0a65c9d783b65892645ad09a4b620a3e6e8a1d9a

  • SSDEEP

    196608:y/iPymidOfdSSd3QsPXD14pbuGuPDv6Mw2mYePsCwRx9xB82tE4dWr5Tf3:y/iosfdPAsPBC9Yeu8WWdTP

Score
9/10
evasionexecutionpersistencetrojan

Malware Config

Targets

    • Target

      OneDrive.png

    • Size

      9.9MB

    • MD5

      85c6f8629ff03c6c9b7135ed3c382ae0

    • SHA1

      299c09ba616df6996299e217980144ca7e4ac98c

    • SHA256

      25f3f0c03663754228aee619281fed809ccf271d6a1f427829aca20e737f6c85

    • SHA512

      64dd53613f65fea2b234db9ddeaa822a8173492029cdb96306627b4459c4bf082e6d1192adc376421ee0ddeb0a65c9d783b65892645ad09a4b620a3e6e8a1d9a

    • SSDEEP

      196608:y/iPymidOfdSSd3QsPXD14pbuGuPDv6Mw2mYePsCwRx9xB82tE4dWr5Tf3:y/iosfdPAsPBC9Yeu8WWdTP

    Score
    9/10
    evasionexecutionpersistencetrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks