General
-
Target
b1c8ea27ae819eecf5517c6aed222e9d.exe
-
Size
2.6MB
-
Sample
241014-1txg2aycqd
-
MD5
b1c8ea27ae819eecf5517c6aed222e9d
-
SHA1
132c66bab9a1666f49963c3da9b37d73eba4a43b
-
SHA256
4f487e7b86b7c1dcf52cb3016dda1c1a13c1489edd6f235836268d61834450d9
-
SHA512
1cdae52ee45bbe91403c9df4f38db5ddb2822b11348a0acc99a0af51df9a9b4ef7fe2f574ddc73aa83f7eb73f146baff1a5cdcf73bd23ac237dd5dcd3d39482a
-
SSDEEP
49152:ON8JWqOQE1IEmQfIvITTT7VrKMMS8thwvrxXiN4MUtkzBqTdD/AG:OFqs1QrwPThrn8tE9PvKqTdz
Behavioral task
behavioral1
Sample
b1c8ea27ae819eecf5517c6aed222e9d.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b1c8ea27ae819eecf5517c6aed222e9d.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
b1c8ea27ae819eecf5517c6aed222e9d.exe
-
Size
2.6MB
-
MD5
b1c8ea27ae819eecf5517c6aed222e9d
-
SHA1
132c66bab9a1666f49963c3da9b37d73eba4a43b
-
SHA256
4f487e7b86b7c1dcf52cb3016dda1c1a13c1489edd6f235836268d61834450d9
-
SHA512
1cdae52ee45bbe91403c9df4f38db5ddb2822b11348a0acc99a0af51df9a9b4ef7fe2f574ddc73aa83f7eb73f146baff1a5cdcf73bd23ac237dd5dcd3d39482a
-
SSDEEP
49152:ON8JWqOQE1IEmQfIvITTT7VrKMMS8thwvrxXiN4MUtkzBqTdD/AG:OFqs1QrwPThrn8tE9PvKqTdz
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Creates new service(s)
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1