33db059ad0344af99a91e5dc4645b4ed21f6476301dbcdd9b7938fa9f5b240fa | Triage

Sharing

General

Target

Perm Spoofer.exe
Size

28.1MB
Sample

241002-3ttggsxbqd
MD5

6d580b009bd7e0c1d5d2e1da54191743
SHA1

4e3568f77dfb112c6a30c9f04fece99b0a219153
SHA256

33db059ad0344af99a91e5dc4645b4ed21f6476301dbcdd9b7938fa9f5b240fa
SHA512

2e7b119a035295da2a1c666f6b4d1c2de1cc2aaf2392dc4c4f76bb4edef74022902b50b539aa26a0c035c7f4d87442dc498236a37ea50e5a7408af355bad0325
SSDEEP

786432:DEpTc844UEVZOh3yWhcs8sCir3G9uyRpwn3uY4dws:4S8WlinvU3yu+E3p7s

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  Perm Spoofer.exe
- Size
  
  28.1MB
- MD5
  
  6d580b009bd7e0c1d5d2e1da54191743
- SHA1
  
  4e3568f77dfb112c6a30c9f04fece99b0a219153
- SHA256
  
  33db059ad0344af99a91e5dc4645b4ed21f6476301dbcdd9b7938fa9f5b240fa
- SHA512
  
  2e7b119a035295da2a1c666f6b4d1c2de1cc2aaf2392dc4c4f76bb4edef74022902b50b539aa26a0c035c7f4d87442dc498236a37ea50e5a7408af355bad0325
- SSDEEP
  
  786432:DEpTc844UEVZOh3yWhcs8sCir3G9uyRpwn3uY4dws:4S8WlinvU3yu+E3p7s
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1