Overview

overview

9

Static

static

3

c570f48216...12.exe

windows7-x64

9

c570f48216...12.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c570f4821646a996e1a70d8366cb4f6f3b4de43ab286018c32cc1802a8e55712

  • Size

    2.7MB

  • Sample

    240908-zgfs3svajp

  • MD5

    77060d6fac812ceba472906df731442c

  • SHA1

    f97544882d5dda2a831b68bec39cb9facbaceb0a

  • SHA256

    c570f4821646a996e1a70d8366cb4f6f3b4de43ab286018c32cc1802a8e55712

  • SHA512

    8be3f99d113f7ae4684dbfc307c4b0c017bb2e24d7530a8c7a05712b0a5c243f3a2de1a235fcbb23042888857dc5317f0737f2d40f61f3fafa9c77500dd1d56d

  • SSDEEP

    49152:w4GRMcTILl9XORhquCL7yoVVAOsie4MgOG+ebN2yOsWYGeAvuPxNf55ZGOsZVd:w4iIvXikyOCONiB65ZVzbZGOid

Score
9/10
discoveryevasion

Malware Config

Targets

    • Target

      c570f4821646a996e1a70d8366cb4f6f3b4de43ab286018c32cc1802a8e55712

    • Size

      2.7MB

    • MD5

      77060d6fac812ceba472906df731442c

    • SHA1

      f97544882d5dda2a831b68bec39cb9facbaceb0a

    • SHA256

      c570f4821646a996e1a70d8366cb4f6f3b4de43ab286018c32cc1802a8e55712

    • SHA512

      8be3f99d113f7ae4684dbfc307c4b0c017bb2e24d7530a8c7a05712b0a5c243f3a2de1a235fcbb23042888857dc5317f0737f2d40f61f3fafa9c77500dd1d56d

    • SSDEEP

      49152:w4GRMcTILl9XORhquCL7yoVVAOsie4MgOG+ebN2yOsWYGeAvuPxNf55ZGOsZVd:w4iIvXikyOCONiB65ZVzbZGOid

    Score
    9/10
    discoveryevasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks