9e734987ac3f35994c15a092409087db7de9fb312d6f557c7f485a856e083fed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Cloudware.exe
Size

297KB
Sample

240822-ajpfkasbpp
MD5

0bf0db39b67c5e2c2568032644fb3b19
SHA1

f37d67f69a49413c445fba5d5f856c01838fa47b
SHA256

9e734987ac3f35994c15a092409087db7de9fb312d6f557c7f485a856e083fed
SHA512

82bf0626515458cd1a39db870f7c73011060b50d12f26fb696b6cfd4d55f9c30cf7c13e59d57c4c537f1b22fbbc49eb46a32134f473ad85802b5fb443cee58e3
SSDEEP

6144:0lqrZuknt47WpkGXgTyObsHTTxF4wA7Se5ipWLZ0MLdcFCdYvJyL28yi0uuhb9jw:27smszTxF4wA9hLZViQYvJs28yVuuhbG

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  Cloudware.exe
- Size
  
  297KB
- MD5
  
  0bf0db39b67c5e2c2568032644fb3b19
- SHA1
  
  f37d67f69a49413c445fba5d5f856c01838fa47b
- SHA256
  
  9e734987ac3f35994c15a092409087db7de9fb312d6f557c7f485a856e083fed
- SHA512
  
  82bf0626515458cd1a39db870f7c73011060b50d12f26fb696b6cfd4d55f9c30cf7c13e59d57c4c537f1b22fbbc49eb46a32134f473ad85802b5fb443cee58e3
- SSDEEP
  
  6144:0lqrZuknt47WpkGXgTyObsHTTxF4wA7Se5ipWLZ0MLdcFCdYvJyL28yi0uuhb9jw:27smszTxF4wA9hLZViQYvJs28yVuuhbG
Score

9^/10

discovery evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion