2f78abcf8efd1843e5953bb000b487b50ba7bc1ded77933294b7c70cdc157675 | Triage

Sharing

General

Target

chrome.zip
Size

7.4MB
Sample

240606-kvwdcsda78
MD5

9bc9c81b8eb739550ced80cbe3876084
SHA1

181c1b81eeccf882041c6e4bbfcbe3b09b5c96e6
SHA256

2f78abcf8efd1843e5953bb000b487b50ba7bc1ded77933294b7c70cdc157675
SHA512

1631cee8eb5c4f801423725cef27d27b4fef7bedb9f40242b5a4ff93f3b7a10c440446bc9e7521b887bb34284096ec4fa386ebec6c5e0398189adff6150fe167
SSDEEP

196608:F5xXJC5ivSEB6ANotUNCHRkIWLYr+kNPJi2NteSw+B/Uktn5Sg:/DH6A2tUNCxkVLy+klXeSYjg

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  QtCore4.dll
- Size
  
  2.1MB
- MD5
  
  2fe0599b45e4f112cedc69986d10d21b
- SHA1
  
  3391843c5ddde45b17df309fe182c8dee1cb862a
- SHA256
  
  29aba16000167af9217510f93e6da8def731a8a5132024a7b7d1ba4c9116b7a9
- SHA512
  
  daa55eb9c223433b4d332e6aa40f2558057fcf98b01cf17f8aa68c9f53ffee9c56a86127efb37f7904282f7670608be9b4813a758d134e4c3ab501b4d0bdf39c
- SSDEEP
  
  49152:tU6a2PjSQTUEZtQqhJXbQKFdu9UTj6ep+Tqv:/vjT9sKFdu9WpX
Score

3^/10
behavioral1 behavioral2
- Target
  
  QtGui4.dll
- Size
  
  6.8MB
- MD5
  
  ddd7cb6f7fcb04a7a22b8c88e54960c4
- SHA1
  
  ec90b7dc14ba83b31557262f9f4694478cbb751a
- SHA256
  
  ed88922666a2323c05c08c75f7ad29d049d1a36399ab988ad5ce1e86149cb450
- SHA512
  
  0e6d046c4f4e5fab3bc0aea57a99f0a1779f7fb4a3950f0e302b65ef411c9a08c534607f1be9533fa82ea64be5a5391c28b5ab615de82680188e2b1d28c8fc07
- SSDEEP
  
  196608:AEubw71Hqi7SVzQlgj2bMWE+LpoMk+dTha46Yuy7uNcK:AEuERKoukwmLlJdThxcZ7
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  chrome.exe
- Size
  
  178KB
- MD5
  
  7cd87f8ad0cd8279f8699cd441238338
- SHA1
  
  523c83c22647164b7e7465fecaf798f3be5ac2d8
- SHA256
  
  71a7f53796731bd270704b825af080d1e84e2bb4d2184bb77926cd895dc87214
- SHA512
  
  b5ee28a24ba6fc4bb0e8a5b0c1a5adbfac204be43635ad99998bd4617726a5b5f95876dbdc7807b30cc74569b431ef7eb4a540f3e62b759e2fb36df9cff10796
- SSDEEP
  
  3072:k+sGBD3O9O6qe+4T+vqwqYROyCUbSIMAAAAAAAUAAAk2o5U:kZGBD3O9O6qe+4T+vqwqYROyCUbSDv5U
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6