General

  • Target

    2c9b210368b61b07c49a03362a50f09bc56fdc014403e84dcd6e5b9cbf6d222a

  • Size

    8.1MB

  • Sample

    240523-ftzxyaeg75

  • MD5

    20b9497d1553008661299125ed5c1500

  • SHA1

    dbe373300c2df57307a587f0cb924ef9b9b28524

  • SHA256

    2c9b210368b61b07c49a03362a50f09bc56fdc014403e84dcd6e5b9cbf6d222a

  • SHA512

    d1df4e17b3cc9380d18947a8125aeaf67180920ff209a5a92fbf167229c3d1b1d60b2c636f23ea1e4f18975efb6d5afefd6180389e0224f982c2e6202d8b6512

  • SSDEEP

    196608:sBNYWIKYmYJCSgJjYUyjQxYkAhW1TET+ivmIH/de:sBNYVvISgJjYUyjlkAhWBTivmq/de

Malware Config

Targets

    • Target

      2c9b210368b61b07c49a03362a50f09bc56fdc014403e84dcd6e5b9cbf6d222a

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
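The ACPI, BIOS and MBR signatures above are the ones a responder most wants to reproduce on a live host: the anti-VM checks key on vendor strings in the ACPI table subkeys and the BIOS description key, and a bootkit is only confirmed by comparing the first disk sector against a known-good baseline. The Python below is an added triage helper written for this page, not code from the sandbox report or from the sample. The registry paths are the standard Windows locations; the VM marker list, the sample MBR bytes and the `innotek GmbH` / `VBOX__` inputs are constructed, and reading `\\.\PhysicalDrive0` requires an elevated process on Windows.

```python
"""Host triage helpers for the anti-VM and MBR behaviours flagged above.

Added example, not part of the sandbox report. Registry paths are the
standard Windows locations; marker strings and the sample MBR are constructed.
"""
import hashlib
import struct

try:
    import winreg  # Windows only; the pure functions below run anywhere
except ImportError:
    winreg = None

MBR_SIZE = 512
# Vendor strings seen in ACPI table subkey names / BIOS values of common
# hypervisors (constructed list; extend for your environment).
VM_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK", "VMWARE", "QEMU", "BOCHS",
              "XEN", "PARALLELS")


def vm_indicators(acpi_table_ids, bios_values):
    """Same heuristic the anti-VM signatures describe, applied to supplied data.

    acpi_table_ids: subkey names under HKLM\\HARDWARE\\ACPI\\{DSDT,FADT,RSDT}
    bios_values:    name -> value from HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS
    Returns (source, value) pairs that contain a VM marker.
    """
    hits = []
    for name in acpi_table_ids:
        if any(m in name.upper() for m in VM_MARKERS):
            hits.append(("ACPI", name))
    for key, val in bios_values.items():
        if any(m in str(val).upper() for m in VM_MARKERS):
            hits.append(("BIOS:" + key, val))
    return hits


def read_registry_indicators():
    """Collect the live ACPI subkeys and BIOS values (Windows only)."""
    if winreg is None:
        raise RuntimeError("winreg unavailable: not running on Windows")
    acpi = []
    for table in ("DSDT", "FADT", "RSDT"):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\" + table) as k:
                i = 0
                while True:
                    try:
                        acpi.append(winreg.EnumKey(k, i))
                        i += 1
                    except OSError:
                        break
        except OSError:
            pass
    bios = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, "HARDWARE\\DESCRIPTION\\System\\BIOS") as k:
        for name in ("SystemManufacturer", "SystemProductName", "BIOSVendor", "BIOSVersion"):
            try:
                bios[name] = winreg.QueryValueEx(k, name)[0]
            except OSError:
                pass
    return acpi, bios


def parse_mbr(sector):
    """Parse a 512-byte MBR: boot code hash, partition table, 0x55AA signature."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = 446 + 16 * i                      # partition table starts at 0x1BE
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xAA",
        "bootcode_sha256": hashlib.sha256(sector[:440]).hexdigest(),  # 440..443 is the disk signature
        "partitions": parts,
    }


def mbr_changed(sector, baseline_bootcode_sha256):
    """True if the boot code no longer matches a baseline taken from a clean host."""
    return parse_mbr(sector)["bootcode_sha256"] != baseline_bootcode_sha256


def read_first_sector(device="\\\\.\\PhysicalDrive0"):
    """Read sector 0 of a raw disk (Windows, needs an elevated process)."""
    with open(device, "rb", buffering=0) as f:
        return f.read(MBR_SIZE)


def build_sample_mbr():
    """Constructed benign MBR with one bootable NTFS partition, for testing."""
    s = bytearray(MBR_SIZE)
    s[0:3] = b"\x33\xC0\x8E"            # xor ax,ax prologue of a typical boot sector
    s[3:440] = b"\x90" * 437            # NOP filler
    s[440:444] = b"\x12\x34\x56\x78"    # disk signature
    struct.pack_into("<B3sB3sII", s, 446, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 1048576)
    s[510:512] = b"\x55\xAA"
    return bytes(s)


if __name__ == "__main__":
    print("sample MBR:", parse_mbr(build_sample_mbr()))
    print("VM hits:", vm_indicators(["VBOX__"], {"SystemManufacturer": "innotek GmbH"}))
    if winreg is not None:
        print("live VM hits:", vm_indicators(*read_registry_indicators()))
        print("live bootcode sha256:", parse_mbr(read_first_sector())["bootcode_sha256"])
```

Record the live boot code hash on a known-clean build and pass it to `mbr_changed` after the sample has run; a differing hash, or a partition table that has gained an entry, is the concrete evidence behind the "Writes to the MBR" signature. The `vm_indicators` hits on a sandbox show which values the sample is likely to read, so they are the ones to spoof when re-detonating.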

MITRE ATT&CK Matrix ATT&CK v13

Each technique is listed with the number of matching signatures.

Persistence

    • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1

Defense Evasion

    • Virtualization/Sandbox Evasion (T1497): 1
    • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1

Discovery

    • Query Registry (T1012): 2
    • Virtualization/Sandbox Evasion (T1497): 1
    • System Information Discovery (T1082): 2

Tasks