bcf68a26d93f182b81cb9f211b7f4fafc8dd283e68f2957bb19185817753c605 | Triage

Sharing

General

Target

Imian ARK INI.exe
Size

4.1MB
Sample

240814-qzn3qsvfpf
MD5

f0f155f68a253e2da54d56cf8b3440a6
SHA1

3d1e334ba82a073a95ad0d1d9e939b441f2c839c
SHA256

bcf68a26d93f182b81cb9f211b7f4fafc8dd283e68f2957bb19185817753c605
SHA512

673809a88494c2428938a669c8b50ce7fcba384d0fae8f62a4fdb1dcbd3546280c67857cf38fbd4cef0031e88203ae92010e4583caf185de4ea1e996ac28e207
SSDEEP

98304:gNUvbIDn+S3UWNRl9jKxSIj9gEtVeq7pX56zbWSi/ivkgzXPK:gNYuH3U4Rl9juFPjcbW5/it+

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  Imian ARK INI.exe
- Size
  
  4.1MB
- MD5
  
  f0f155f68a253e2da54d56cf8b3440a6
- SHA1
  
  3d1e334ba82a073a95ad0d1d9e939b441f2c839c
- SHA256
  
  bcf68a26d93f182b81cb9f211b7f4fafc8dd283e68f2957bb19185817753c605
- SHA512
  
  673809a88494c2428938a669c8b50ce7fcba384d0fae8f62a4fdb1dcbd3546280c67857cf38fbd4cef0031e88203ae92010e4583caf185de4ea1e996ac28e207
- SSDEEP
  
  98304:gNUvbIDn+S3UWNRl9jKxSIj9gEtVeq7pX56zbWSi/ivkgzXPK:gNYuH3U4Rl9juFPjcbW5/it+
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1