Overview

overview

8

Static

static

3

vmaware64.exe

windows7-x64

8

vmaware64.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vmaware64.exe

  • Size

    277KB

  • Sample

    240801-z2plqawfnr

  • MD5

    bffab92f405fe14f40b1c128fd5cbf97

  • SHA1

    83cd0f565d1b05c4d56660eeee30cf48b5ef1aad

  • SHA256

    7ef9217f5bbc58e995de28f851f68d4c850052587e100ab522b860ca71a0b3a1

  • SHA512

    a1209a24a2eb4bd7985cb4564934eb2a693975c4880eb79af6d65e215d47878e2ac8ed3bb69ea74b41dd24884294720c8d4f9d646a7c35316d0e9c773d380d16

  • SSDEEP

    6144:FtN7mjESfkP86KYIa9Z5oO9Xi8w0JKitPcZy4cegilb/rQA8dk:7NSJsxZ5oOh85r8d

Score
8/10
discoveryevasion

Malware Config

Targets

    • Target

      vmaware64.exe

    • Size

      277KB

    • MD5

      bffab92f405fe14f40b1c128fd5cbf97

    • SHA1

      83cd0f565d1b05c4d56660eeee30cf48b5ef1aad

    • SHA256

      7ef9217f5bbc58e995de28f851f68d4c850052587e100ab522b860ca71a0b3a1

    • SHA512

      a1209a24a2eb4bd7985cb4564934eb2a693975c4880eb79af6d65e215d47878e2ac8ed3bb69ea74b41dd24884294720c8d4f9d646a7c35316d0e9c773d380d16

    • SSDEEP

      6144:FtN7mjESfkP86KYIa9Z5oO9Xi8w0JKitPcZy4cegilb/rQA8dk:7NSJsxZ5oOh85r8d

    Score
    8/10
    discoveryevasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks