General

  • Target: 240920-3k5hdsvcqp_pw_infected.zip
  • Size: 2.1MB
  • Sample: 240920-3tdq2avejb
  • MD5: 3a43e5f3d47cd15ce1d269a69175616c
  • SHA1: 6c8a24603009fbf2682d097feb9a637fef84568d
  • SHA256: f35ae2271b0296a5cea58a5f3c77aae72838661696ea74a92b185b3c95f98d3c
  • SHA512: d3461c6754a3d67a6c22095a6e2f5ff2089eaa61fb729b63c880db0500394cc02dfca8d665d6ec991531cc8ce06e9fa0c97028b454bf8fce223fd83107a9e029
  • SSDEEP: 49152:92UN+AxSYO0awT5/eD4pkHoXeSMxQ5pPW+V0:92G5x9awVRkHCsxQLOb

Score: 9/10

Malware Config

Targets

    • Target: photon.exe
    • Size: 2.1MB
    • MD5: d19eb1b3b7ce56049f56fe344ffd2ae8
    • SHA1: 03aa6c5ccc74936365e8f7147eb734e7a73faf2b
    • SHA256: 57f4bfe40c4eb0ce33a2859c4986697af07795079a8c65ec922f559e433d3068
    • SHA512: 248b96d64ae4264133b7a83b5da686af76b2f5b5fd3b5babeaa63cce8537940f390ade4b9992a3061527e5ac0354d5ec9e211fd04ed330aee0cefd2bc9587597
    • SSDEEP: 49152:zLK1LGXUJ5X73o8k2yuKZXCg/Nf9ULdOwDmoAekpAg/:vKZGelo8kttXt/NSxDmNAg

    Score: 9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks