d8b7bcaf6f231437aa8c36ab8ec31e4109cba3852ea738b92aa7e7901f39bd01 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

echo-free.exe
Size

29.3MB
Sample

240704-wharns1dpk
MD5

423339b026794bfb83f3aa2e487229ab
SHA1

f504e737a4ff9ddbcb20b4ee47805df595e22913
SHA256

d8b7bcaf6f231437aa8c36ab8ec31e4109cba3852ea738b92aa7e7901f39bd01
SHA512

32bbe2874178eca5393d7c82d0b79368e4c6c4bc67ecad8de7ec51eba7edfda55cb6df036fc241a856e266ab4fcf578d2ed61fbee707d760ee8b25b4bc39e7ca
SSDEEP

393216:jNIKZsuxSazGoDYxejMt0cmMwXECoxXmgHzX/utnuQH:hIksuMazGYinVoToxXms/ih

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  echo-free.exe
- Size
  
  29.3MB
- MD5
  
  423339b026794bfb83f3aa2e487229ab
- SHA1
  
  f504e737a4ff9ddbcb20b4ee47805df595e22913
- SHA256
  
  d8b7bcaf6f231437aa8c36ab8ec31e4109cba3852ea738b92aa7e7901f39bd01
- SHA512
  
  32bbe2874178eca5393d7c82d0b79368e4c6c4bc67ecad8de7ec51eba7edfda55cb6df036fc241a856e266ab4fcf578d2ed61fbee707d760ee8b25b4bc39e7ca
- SSDEEP
  
  393216:jNIKZsuxSazGoDYxejMt0cmMwXECoxXmgHzX/utnuQH:hIksuMazGYinVoToxXms/ih
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1