General
- Target: file.exe
- Size: 100KB
- Sample: 240930-q3jmessepg
- MD5: 07df7ce090a7fe033952ef5651684566
- SHA1: fa0b5c800577df34320a8289d1a8ab50eb4659bb
- SHA256: 37c2b040bf4aad7189adcd32f1021208622754c043d6e3f8b4afa5dc9f078ee0
- SHA512: d1f86cce5c7ff0ba6bf40299522e4c9a942c8baef7b84a064b878b270a6813edc1aa2159dcb7112c901f8cb67f2dcc2cf66646c70dbd6222969aa6b76a1f0965
- SSDEEP: 1536:1LXB65939tY6HBg4sXJm4d1dWrclLnV24EOcVf2UTUfB:1Lk395hYXJl/1n9i+
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20240903-en
Malware Config
Targets
- file.exe (100KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General)
Signatures
- Banload: Banload variants download malicious files, then install and execute the files.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
- Defense Evasion
  - Modify Registry (1)
  - Subvert Trust Controls (1)
    - Install Root Certificate (1)
  - Virtualization/Sandbox Evasion (1)
- Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (1)
    - Credentials In Files (1)