d7f93dd3cc29ddbcc20355213ecc35226f0db4ba42c47c166310c6c937dd5180 | Triage

Sharing

General

Target

external_obf.exe
Size

37.4MB
Sample

240706-2qjmfavhjk
MD5

04a2203440a8e4ad58e9383272d2e4c4
SHA1

e8539a930e7feaf92e76a40a675afaee1f89fb2f
SHA256

d7f93dd3cc29ddbcc20355213ecc35226f0db4ba42c47c166310c6c937dd5180
SHA512

ac10acfbe4948b43f7b4ff6c311bca851958ab4ea21726c63125ac250853a704fbe6d4dda7ee2ae0176eeb3c4ce1c709e3784418463234d23ab767b473b6183b
SSDEEP

786432:Vn89EgmKjPMXH2BeGpip+3dYPkiNE4apoc0:VnoEgJzGWBeGpzdY5E4moc0

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  external_obf.exe
- Size
  
  37.4MB
- MD5
  
  04a2203440a8e4ad58e9383272d2e4c4
- SHA1
  
  e8539a930e7feaf92e76a40a675afaee1f89fb2f
- SHA256
  
  d7f93dd3cc29ddbcc20355213ecc35226f0db4ba42c47c166310c6c937dd5180
- SHA512
  
  ac10acfbe4948b43f7b4ff6c311bca851958ab4ea21726c63125ac250853a704fbe6d4dda7ee2ae0176eeb3c4ce1c709e3784418463234d23ab767b473b6183b
- SSDEEP
  
  786432:Vn89EgmKjPMXH2BeGpip+3dYPkiNE4apoc0:VnoEgJzGWBeGpzdY5E4moc0
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2