General

  • Target

    c920467d8d186a091d238ccc77baff9bd0a58c5df50ba832395700b772a2a017

  • Size

    6.3MB

  • Sample

    240526-f2vm7agd6t

  • MD5

    caaf89074cad2b6c9353393c53ec2445

  • SHA1

    dc551ce7f375e24fbd6bdb3ab97b3bac9ddb7f29

  • SHA256

    c920467d8d186a091d238ccc77baff9bd0a58c5df50ba832395700b772a2a017

  • SHA512

    59685e80e7cfc5f52a2dbf7172bf27bb6ddf8549cc97d4bc14b70c2e49fcb6f62b0e2b4b1fc3d5e899718ec75920a3227e8b332585fb2f6387334200274de8fb

  • SSDEEP

    196608:Oe2OcJdupmFQ0wu6lLd2IvC4pC04ezNsgNvGVft:OercXupBu6Zk4A04ezNsgVI

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks