General
-
Target
729dc7530d64899b1b98e4029a0901c3.bin
-
Size
56.5MB
-
Sample
240806-dzjf2ascnh
-
MD5
729dc7530d64899b1b98e4029a0901c3
-
SHA1
a913ac448bc46b4d12a1e1fc1dbbb7215ddda29a
-
SHA256
7c7956bf7741138d599fa191f5f7d6245e04c6695e4a7847407f666e2a641ffc
-
SHA512
716c9b9dbd5f4c93efaf6de1deeaf17c497a10cca5d861e61e18f87a8e9af2bc42b0ea36f82d4e9b80766229ca9f2925f5912b194615ff8eb39ec1b3e76431bc
-
SSDEEP
1572864:amKm5eNXA90p2N+iUgK1EEZBplhSwPTMSnhXQYoeQBPB:t5ec6C+imvrM0QYoeuZ
Malware Config
Targets
-
-
Target
729dc7530d64899b1b98e4029a0901c3.bin
-
Size
56.5MB
-
MD5
729dc7530d64899b1b98e4029a0901c3
-
SHA1
a913ac448bc46b4d12a1e1fc1dbbb7215ddda29a
-
SHA256
7c7956bf7741138d599fa191f5f7d6245e04c6695e4a7847407f666e2a641ffc
-
SHA512
716c9b9dbd5f4c93efaf6de1deeaf17c497a10cca5d861e61e18f87a8e9af2bc42b0ea36f82d4e9b80766229ca9f2925f5912b194615ff8eb39ec1b3e76431bc
-
SSDEEP
1572864:amKm5eNXA90p2N+iUgK1EEZBplhSwPTMSnhXQYoeQBPB:t5ec6C+imvrM0QYoeuZ
Score10/10-
UAC bypass
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Creates new service(s)
-
Drops file in Drivers directory
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Virtualization/Sandbox Evasion
1