9eda5e863b1516929998b38ad6c0f8d9c575856198718f4c0b5f5038588e31eb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc4912bd840edb6289e5e387ca8fa299.bin
Size

1.6MB
Sample

241015-cagepsxgqd
MD5

a0cf25cdc30bb777740cc676b5665b30
SHA1

f71009302a42655b22002f875691fb1aa9a5cca5
SHA256

9eda5e863b1516929998b38ad6c0f8d9c575856198718f4c0b5f5038588e31eb
SHA512

bba3a1a58426b377913e2d6edae0a4fd3984dace95f8fd099e70941a378a28fd3bbb2d5590057ba9327d94423dab2965c42625a52928cc952ca8cdb275fbf01a
SSDEEP

49152:PL3P8NTbwruBXi2VjNh4odnvQu41ovJEziEKEKf:PzP8NT0ruBXi2KuvQ16aeEjA

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  c1df7516de3589e7b784d1c92514eed70b346d5f3bb6097d2b02f21268bdfedb.exe
- Size
  
  1.7MB
- MD5
  
  fc4912bd840edb6289e5e387ca8fa299
- SHA1
  
  cb67b24cb712a88985ca63ccf18d15cc135908ba
- SHA256
  
  c1df7516de3589e7b784d1c92514eed70b346d5f3bb6097d2b02f21268bdfedb
- SHA512
  
  bf81d9fb2d6def2f5f4ce2ad649ad791a88788cb3352e122b08a3b9990c8f9bd106123fd8ce29552877c3f6debdaad4e41eac876204aeb29d09fbb0773c470f2
- SSDEEP
  
  24576:XtczvOmowUm9kOazocMfAuKn6zu2WVq4heNNpBGuRcBoNb5v7zhYilbgbg86p8HO:XtcimowHmoc6Au//WVqDl3zhFxgM
Score

10^/10

discovery evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Windows security modification
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan