General
-
Target
127d792529341c133f9cdab9eb6761a3bc5ffaf92a5ed24ca739dec3111c4298
-
Size
4.5MB
-
Sample
240711-dpy4qsybmf
-
MD5
75c64160d75200a5dc2bc7096ebebe2e
-
SHA1
7a5573989b2be66a22aed36b863ffc9263476605
-
SHA256
127d792529341c133f9cdab9eb6761a3bc5ffaf92a5ed24ca739dec3111c4298
-
SHA512
3b52d50a2a3eb02aa87a04543406bfe6840973319bdd13afeff158cdecffec2a286de1cd172448a06f1d41b4b97511251a389f116fa36c7ae388945ced8ff997
-
SSDEEP
98304:94FVbkkyY22XZJ+F2ndXeDyow2Yfqwn4Klz1Eh6dxYbaMxSda:9ylPg2XZJc2dX60qqxYOisa
Malware Config
Targets
-
-
Target
127d792529341c133f9cdab9eb6761a3bc5ffaf92a5ed24ca739dec3111c4298
-
Size
4.5MB
-
MD5
75c64160d75200a5dc2bc7096ebebe2e
-
SHA1
7a5573989b2be66a22aed36b863ffc9263476605
-
SHA256
127d792529341c133f9cdab9eb6761a3bc5ffaf92a5ed24ca739dec3111c4298
-
SHA512
3b52d50a2a3eb02aa87a04543406bfe6840973319bdd13afeff158cdecffec2a286de1cd172448a06f1d41b4b97511251a389f116fa36c7ae388945ced8ff997
-
SSDEEP
98304:94FVbkkyY22XZJ+F2ndXeDyow2Yfqwn4Klz1Eh6dxYbaMxSda:9ylPg2XZJc2dX60qqxYOisa
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
1Pre-OS Boot
1Bootkit
1Virtualization/Sandbox Evasion
1