Overview

overview

9

Static

static

3

Scoped+Cha...1).exe

windows7-x64

9

Scoped+Cha...1).exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    Scoped+Chair+++spoofer(1).exe

  • Size

    9.9MB

  • Sample

    240805-my145axgqd

  • MD5

    61435251e7b453de5bdf330c05a77a86

  • SHA1

    6c51a41048f27ab014fec0ea1181dc5daa951198

  • SHA256

    9e1b7c841f7738155240f919b6c2a032007f7753f8899d13db098a01b89fe688

  • SHA512

    dd8ab96a428628b1a4382e51e26eb8cfff7c0035b27ec4f3e951e4ec5654c01cd0cd2b77ce6a3a303044f4ae2400c711d4c93b278bc6a91745bb5ec6047c19ed

  • SSDEEP

    196608:yWSNYxShD7WGj2xIxVOjkKALGZIyUgMgaG2DtAF3QChCIKCFav6VnmpCcNXA:8NYshkxIxVaALKIkMgaG2gVhCI7CIcNw

Score
9/10
evasiontrojan

Malware Config

Targets

    • Target

      Scoped+Chair+++spoofer(1).exe

    • Size

      9.9MB

    • MD5

      61435251e7b453de5bdf330c05a77a86

    • SHA1

      6c51a41048f27ab014fec0ea1181dc5daa951198

    • SHA256

      9e1b7c841f7738155240f919b6c2a032007f7753f8899d13db098a01b89fe688

    • SHA512

      dd8ab96a428628b1a4382e51e26eb8cfff7c0035b27ec4f3e951e4ec5654c01cd0cd2b77ce6a3a303044f4ae2400c711d4c93b278bc6a91745bb5ec6047c19ed

    • SSDEEP

      196608:yWSNYxShD7WGj2xIxVOjkKALGZIyUgMgaG2DtAF3QChCIKCFav6VnmpCcNXA:8NYshkxIxVaALKIkMgaG2gVhCI7CIcNw

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks