General

  • Target

    56d0ec47b14d2222747153f157d113af3966e39b7cc575f0b759594d7756ae0c

  • Size

    4.4MB

  • Sample

    240525-ydpfdafg4z

  • MD5

    5de35bf2a5c775600ee0dda327208977

  • SHA1

    437d33a9b8acfa8c579395e280233f837ac37c32

  • SHA256

    56d0ec47b14d2222747153f157d113af3966e39b7cc575f0b759594d7756ae0c

  • SHA512

    c7b088cd3972a07de92db055b55474a623ed0ab3e7282024da5d82481c201f5c0eaad258d83ac7ae01d90e175cee37aeb64989117e83ee7c7a59ca525723bb9e

  • SSDEEP

    98304:fE/JUhJQj4nKE/oe6im51pRUzXnzc7YArZ4JBAUZLvfi3:M2oOJoVZU7zyYxJV7fi3

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks