General

  • Target

    SecuriteInfo.com.Win64.TrojanX-gen.15859.30901.exe

  • Size

    4.6MB

  • Sample

    240620-stmzlavaph

  • MD5

    0a5b3ec2cd9289fba38ba9662f2e6168

  • SHA1

    c4689605d20aa3a7a2f56d3c7f9dc9ca7b66d138

  • SHA256

    0f0a8de3c71b4e53632e29534b7cc4820759ee4c6727a1c7bd39ab8ec28c9662

  • SHA512

    bc8b43565799f21443cd890e3f59a5a112717380da3946a1dd0805fa87d2a8df45186aff19f84ce9246b8a1ade445c5eace5f7e55d4b09788b2c8e95c094edb6

  • SSDEEP

    98304:uA+ckuXu1eE7UpgDuqqkSiMu6yoJbKo+Rtg3Y/QcaXJIOIsw+B:u3VuhEIqDuTkS86y2KrRtg3Y/NmIOvB

Targets

    • Target

      SecuriteInfo.com.Win64.TrojanX-gen.15859.30901.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
