ed4779065885f6dc8ec06a51001a9d2d43a30b9ebab75a67732c0ca0ead9fc6a | Triage

Sharing

General

Target

ed4779065885f6dc8ec06a51001a9d2d43a30b9ebab75a67732c0ca0ead9fc6a
Size

1.8MB
Sample

240818-2dvtya1epn
MD5

2b81bedce7f9813517119325ead31ecd
SHA1

df9f62ad6327dfe93cca7ffe3b99781ac1c2a5e3
SHA256

ed4779065885f6dc8ec06a51001a9d2d43a30b9ebab75a67732c0ca0ead9fc6a
SHA512

1183d860833e44ca04e8ca3b8600eaa7027c669e247110af22d81e793544269dfa39e256d39bea3f55cd290ce67b68e93dc814df1d21a8fb19930394daa92cc1
SSDEEP

24576:rXt0QeKeOxopJnLQ7FQnf3p7no+uwWxEun79yXXQGA/W5b1YDIwtxRCgmSw9YiAD:rXt0QSnLQ7e/p7ngAnQ7/qYMgCUwk

Score

9^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  ed4779065885f6dc8ec06a51001a9d2d43a30b9ebab75a67732c0ca0ead9fc6a
- Size
  
  1.8MB
- MD5
  
  2b81bedce7f9813517119325ead31ecd
- SHA1
  
  df9f62ad6327dfe93cca7ffe3b99781ac1c2a5e3
- SHA256
  
  ed4779065885f6dc8ec06a51001a9d2d43a30b9ebab75a67732c0ca0ead9fc6a
- SHA512
  
  1183d860833e44ca04e8ca3b8600eaa7027c669e247110af22d81e793544269dfa39e256d39bea3f55cd290ce67b68e93dc814df1d21a8fb19930394daa92cc1
- SSDEEP
  
  24576:rXt0QeKeOxopJnLQ7FQnf3p7no+uwWxEun79yXXQGA/W5b1YDIwtxRCgmSw9YiAD:rXt0QSnLQ7e/p7ngAnQ7/qYMgCUwk
Score

9^/10

discovery evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan