5ef898e120cefd46934f16b4fbadc268e1c50f37ff58a1b3e47cb70e6353f27e | Triage

Sharing

General

Target

Loader (1).exe
Size

13.3MB
Sample

240825-cm737atepp
MD5

982279b044cacd5ed5495996c4561526
SHA1

522e37a0749df894453f84c1c1574baf96da2181
SHA256

5ef898e120cefd46934f16b4fbadc268e1c50f37ff58a1b3e47cb70e6353f27e
SHA512

d3346a858a16f13c03a2da963d08364b0cfc1a1f6e76714aab28141ecec0ef0d9735cec7e0a75da1e27841a820a3b9e166f3efabc2934664909e3d2c2259cbd2
SSDEEP

393216:IFQmAULmh+9jDv0qHaECkJ/CsNv5eEYDL:rULmsVHaERJ/XvYzP

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  Loader (1).exe
- Size
  
  13.3MB
- MD5
  
  982279b044cacd5ed5495996c4561526
- SHA1
  
  522e37a0749df894453f84c1c1574baf96da2181
- SHA256
  
  5ef898e120cefd46934f16b4fbadc268e1c50f37ff58a1b3e47cb70e6353f27e
- SHA512
  
  d3346a858a16f13c03a2da963d08364b0cfc1a1f6e76714aab28141ecec0ef0d9735cec7e0a75da1e27841a820a3b9e166f3efabc2934664909e3d2c2259cbd2
- SSDEEP
  
  393216:IFQmAULmh+9jDv0qHaECkJ/CsNv5eEYDL:rULmsVHaERJ/XvYzP
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3