Overview

overview

9

Static

static

3

mping_3.exe

windows11-21h2-x64

9

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$_4_.msi

windows11-21h2-x64

Resubmissions

29/07/2024, 01:17

240729-bnjljszdlc 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mping_3.exe

  • Size

    6.8MB

  • Sample

    240729-bnjljszdlc

  • MD5

    6bb0e7ab216ce0bfc7e50281845e819a

  • SHA1

    171f20d07a5aa2e0e55b9e0a05a39cf935a33410

  • SHA256

    4889bfd701e275aae36ff9005b4e94fa1e9e6edbc263fa7c8a50040e1d78ca83

  • SHA512

    0a122ffb342197d30a063995687aa32edb3da6abd8dbc1736861a47aafce651ef5fe64bff0c1c34f6abc0ab80e3e6826d293d66c6e0fafb6a5d11040bfe7df9f

  • SSDEEP

    196608:oXPxoWDeuKoJMC0loFRLQwhH6OJxxXK7/hw+:qJo2tOliQwhH1JxxXK7/hz

Score
9/10
discoveryevasiontrojan

Malware Config

Targets

    • Target

      mping_3.exe

    • Size

      6.8MB

    • MD5

      6bb0e7ab216ce0bfc7e50281845e819a

    • SHA1

      171f20d07a5aa2e0e55b9e0a05a39cf935a33410

    • SHA256

      4889bfd701e275aae36ff9005b4e94fa1e9e6edbc263fa7c8a50040e1d78ca83

    • SHA512

      0a122ffb342197d30a063995687aa32edb3da6abd8dbc1736861a47aafce651ef5fe64bff0c1c34f6abc0ab80e3e6826d293d66c6e0fafb6a5d11040bfe7df9f

    • SSDEEP

      196608:oXPxoWDeuKoJMC0loFRLQwhH6OJxxXK7/hw+:qJo2tOliQwhH1JxxXK7/hz

    Score
    9/10
    discoveryevasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      ca332bb753b0775d5e806e236ddcec55

    • SHA1

      f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    • SHA256

      df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    • SHA512

      2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    • SSDEEP

      192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6

    Score
    3/10
    discovery
    behavioral2

    • Target

      $_4_

    • Size

      12.9MB

    • MD5

      fd476441bcfc1a7baee0af3b0a01b983

    • SHA1

      7e94daaa95fe287e30af998541345ebc346131cc

    • SHA256

      afb2f5dc7f728bd2cccca131cee5c8e11e3c8eea5536f185646df571862af5d0

    • SHA512

      156ff9bbef3a60aa95c8c3d8d7a9c45217437f2854afae5cd3c1787d52e6617c9a9bb059905998ad10a6df70236c25520e7f0f7bdc641005c471656cf85fab9d

    • SSDEEP

      196608:aXNzQudHY6xTgblg4R57hW1zQgckPmzszJR48OHQmRmP68mS8:aX1QE48Uhl/8UmIVzHQV

    Score
    1/10
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks