General
Target: Your file name without extension goes here.exe
Size: 2.1MB
Sample: 240705-nyfc4axfpk
MD5: 81005ce1a11c6f8722c14bea4663e942
SHA1: 7b69c8315fdc0182a0dcdc1edb58de7819acd72d
SHA256: 77dc175b8fe04dae53d6c2a82d8842b03eff1f7a0116c5da1e4cebd7e7d6d4b1
SHA512: 8ee192b32eea8b3427446bae26e5f6ab30c0451fc90f97aad87e25d7ec533b02ccd10ccc881a90f2d1897b17e9bd3dd68d42e204be1e5c4eb3dedec143c13453
SSDEEP: 12288:qOmuutRpVOCYRl9AJX1p/cLfHaRoQy4b9Ki5yXH5o8VVZ:qk81eRl6bpkzPQyEyXy+
Static task: static1
Behavioral task: behavioral1
Sample: Your file name without extension goes here.exe
Resource: win7-20240508-en
Malware Config
Targets
Target: Your file name without extension goes here.exe
- Looks for VirtualBox Guest Additions in registry
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Uses the VBS compiler for execution
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (3)
    Disable or Modify Tools (3)
  Modify Registry (4)
  Scripting (1)
  Virtualization/Sandbox Evasion (2)