General

  • Target

    b76d12f6d6588fc9d55da09a697926cd535e942ef64825bd33b238fad284460c

  • Size

    1.9MB

  • Sample

    240930-b7nplswanb

  • MD5

    bf0be7951a7f27a4396800841e696208

  • SHA1

    995f57699b300b9032443fcdfe5501e515f90ffc

  • SHA256

    b76d12f6d6588fc9d55da09a697926cd535e942ef64825bd33b238fad284460c

  • SHA512

    5780f9eb37fe1f4bd9f7ee932b5e313a73784eda997418428fa96131c2cc4db25b974511a41ccdcfcbe9ec34c6bd0d1f588cfa9b4110de6364656856517ed253

  • SSDEEP

    49152:ISlNHydXboE+2pKWTvP6p9kB/GS0fsXCFh:ISjydNCYn0+M

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15