15fa86cb0fc2faac28d529529ba9e1688f43a87ca6c43e411e247eeafa6959ee | Triage

Resubmissions

03-09-2024 09:31

240903-lharkatamj 7

03-09-2024 09:22

240903-lbyj2stgpf 7

Sharing

General

Target

Van.7z
Size

2.5MB
Sample

240903-lharkatamj
MD5

8337ba25c923309f2ae7431e0afe1cba
SHA1

c2d8f6e742c4274a4bbc5fb641ee29483da49a50
SHA256

15fa86cb0fc2faac28d529529ba9e1688f43a87ca6c43e411e247eeafa6959ee
SHA512

ff91c9b9617dc58902293b18eba20e2426cf415acbd5b12d068a640a54d12d61e184a034a09f01f87a746800793d5c58ebb25297ecea3cde25cf6c52e1bdc19c
SSDEEP

49152:OWq9nz0jf4sTzy8bxx+5apMgLhsa2sxn83uJwhNSJn2iVjD1Z9yHCflVaWjUh:OWq6zX/y8y8pMasa2t32whM7ByHCtVjE

Score

7^/10

Malware Config

Targets

- Target
  
  VANGUARD BYPASS.exe
- Size
  
  2.5MB
- MD5
  
  2473c143b9591080093561cd3fc42955
- SHA1
  
  3a65083c411edba6b7a5dcdb93a2bebcc410e95b
- SHA256
  
  89ee1cbd0ef4390b420dea55744487665d4bf7dcfa2c2597db2984dfad5dff1a
- SHA512
  
  ae599014de20c34d0b75d938f743dc443b37bbd5095ec4f24548f9cff5a08f48a7959eae0dea070cf5d43d6916a4affe8ff1d825f5d8ab2907f00a9df5a5c334
- SSDEEP
  
  49152:pXkQq9LDj26Mx1zrHvxx5qaXqQ7hsaNsRBt87lOpSJnQxnDNZGZ8VpDTU2:pXkQqxD8NrHxhXqosaNO8JOY+6OVlU
Score

7^/10
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2