General

  • Target

    059f427e5ef840d01e2b0ee57c07de6c03dfca172e6f725786f436b3ce27bf60

  • Size

    1.9MB

  • Sample

    240603-wxygaaee5t

  • MD5

    1adc55639805552d26c1c2157a3a79ca

  • SHA1

    aa268d54c2826fcd05dcc035af9e80470998361f

  • SHA256

    059f427e5ef840d01e2b0ee57c07de6c03dfca172e6f725786f436b3ce27bf60

  • SHA512

    76bbed53d76e3c4d4aa99e2e61e27f0b93bd48154ffd47d8f026dbf1733921f857c12c0b852c650d0c80e0617eb5db7356a524ff99c549c064bae408afd5e8b6

  • SSDEEP

    49152:ISlNHydXboE+2pKWTvP6p9kB/GS0fsXCF1:ISjydNCYn0+i

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v13)

Techniques by tactic; the number in parentheses is the count of matching signatures.

  • Execution

    Scheduled Task/Job: T1053 (1)

  • Persistence

    Boot or Logon Autostart Execution: T1547 (1)
      Registry Run Keys / Startup Folder: T1547.001 (1)
    Scheduled Task/Job: T1053 (1)

  • Privilege Escalation

    Boot or Logon Autostart Execution: T1547 (1)
      Registry Run Keys / Startup Folder: T1547.001 (1)
    Scheduled Task/Job: T1053 (1)

  • Defense Evasion

    Hide Artifacts: T1564 (1)
      Hidden Files and Directories: T1564.001 (1)
    Modify Registry: T1112 (2)
    Virtualization/Sandbox Evasion: T1497 (2)

  • Discovery

    Query Registry: T1012 (3)
    Virtualization/Sandbox Evasion: T1497 (2)
    System Information Discovery: T1082 (1)
