General

  • Target

    9a354bbb1c279d63e20bd628de5f57ebead58cd054ca40a75a44f0aa1e07b11d

  • Size

    6.2MB

  • Sample

    241031-lbgxaswaka

  • MD5

    5ca1e0cd0aecaf26133a6a676e5a6455

  • SHA1

    93f215b5c7e23a1c2161f79477596938fd95e91d

  • SHA256

    9a354bbb1c279d63e20bd628de5f57ebead58cd054ca40a75a44f0aa1e07b11d

  • SHA512

    66bd94bbdb02260021d1fd34fae3826ae3a16027073a2c903e8c6353dc9f166694073579328ba89afef8051ad829f4e5f8c71a3ee0072dd7153399cba441ab9f

  • SSDEEP

    196608:OIfICkWQIIxtRB/56GlZOyJI+UFw2Wu/i8j7I:LfICksWP/MGlZrIFw0NfI

Malware Config

Targets

    • Target

      9a354bbb1c279d63e20bd628de5f57ebead58cd054ca40a75a44f0aa1e07b11d

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox firmware reports the OEM ID "VBOX__" in its ACPI tables, and Windows exposes those table headers as subkeys under HKLM\HARDWARE\ACPI, so reading them is a common virtual-machine check.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      The UAC state is usually read from the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, typically to decide whether an elevation prompt must be avoided or bypassed.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence below the operating system, because code in the first disk sector runs before Windows loads. A raw write to that sector can also simply destroy the partition table, so compare the bytes written against the original MBR rather than assuming a bootkit.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops the kernel from delivering that thread's debug events to an attached debugger, so the thread disappears from the debugger's view. It is a well-known anti-debugging technique; the flag can be read back with NtQueryInformationThread.
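
The signatures above name registry locations and a raw-disk write without showing what an analyst should look at on the detonation VM. The following script is an added example, not part of the sandbox report or of the sample: it audits an analysis VM for the artifacts these checks read (the VirtualBox OEM ID under the ACPI table keys, the BIOS identification strings, the EnableLUA value) and hashes the first disk sector so a before/after comparison shows whether the MBR was touched. It assumes an elevated PowerShell session on Windows and that the MBR write targets the first physical disk (\\.\PhysicalDrive0); the helper names Add-Finding and Get-MbrSha256 are illustrative.

```powershell
# Added example (not part of the sandbox report): audit the analysis VM for the
# artifacts behind the signatures above. Run elevated; the raw-disk read needs it.
# Assumption: the sample's MBR write targets the first physical disk.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Check, $Value, [bool]$Suspicious) {
    $findings.Add([pscustomobject]@{ Check = $Check; Value = "$Value"; Suspicious = $Suspicious })
}

# 1. VirtualBox ACPI tables: the firmware OEM ID ("VBOX__" on VirtualBox) appears
#    as a subkey name under each ACPI table key in the registry.
foreach ($table in 'DSDT', 'FADT', 'RSDT') {
    $key = "HKLM:\HARDWARE\ACPI\$table"
    if (-not (Test-Path $key)) { continue }
    foreach ($oem in Get-ChildItem $key -ErrorAction SilentlyContinue) {
        Add-Finding "ACPI $table OEM ID" $oem.PSChildName ($oem.PSChildName -match 'VBOX')
    }
}

# 2. BIOS strings: VirtualBox firmware identifies itself in these values.
$vmPattern = 'VBOX|VirtualBox|innotek|Oracle'
$sys  = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System' -ErrorAction SilentlyContinue
$bios = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS' -ErrorAction SilentlyContinue
foreach ($pair in @(
        @('SystemBiosVersion',  ($sys.SystemBiosVersion -join ' ')),
        @('VideoBiosVersion',   ($sys.VideoBiosVersion -join ' ')),
        @('SystemManufacturer', $bios.SystemManufacturer),
        @('SystemProductName',  $bios.SystemProductName))) {
    Add-Finding "BIOS $($pair[0])" $pair[1] ("$($pair[1])" -match $vmPattern)
}

# 3. UAC: EnableLUA under the Policies\System key is the value a UAC check reads.
#    Informational only (1 = UAC on); it tells you which branch the sample will take.
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
Add-Finding 'UAC EnableLUA' $pol.EnableLUA $false

# 4. MBR: hash the first 512-byte sector so a post-detonation run shows a change.
function Get-MbrSha256([string]$Device = '\\.\PhysicalDrive0') {
    $fs = New-Object System.IO.FileStream($Device, [System.IO.FileMode]::Open,
        [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    try {
        $sector = New-Object byte[] 512
        $read = $fs.Read($sector, 0, 512)
        if ($read -ne 512) { throw "short read of $Device ($read bytes)" }
        # A valid MBR ends in the 0x55AA boot signature; its absence means the
        # sector is already overwritten or the device is not a bootable disk.
        if ($sector[510] -ne 0x55 -or $sector[511] -ne 0xAA) {
            Write-Warning "$Device has no 0x55AA boot signature"
        }
        $sha = [System.Security.Cryptography.SHA256]::Create()
        return ([BitConverter]::ToString($sha.ComputeHash($sector)) -replace '-', '').ToLower()
    } finally { $fs.Dispose() }
}
try { Add-Finding 'MBR SHA256' (Get-MbrSha256) $false }
catch { Write-Warning "MBR read failed (run elevated?): $_" }

$findings | Format-Table -AutoSize
```

Run it once on the clean snapshot and once after detonation: a changed MBR hash confirms the write, and any value flagged Suspicious is something the sample can use to bail out before showing its real behaviour.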

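To see what the last signature detects, the following added example (not code from the sandbox report or from the sample) sets ThreadHideFromDebugger on the current thread and reads it back with NtQueryInformationThread. It assumes Windows with ntdll.dll reachable via P/Invoke; the class value 0x11 is the documented constant, and the wrapper names NtThread, Get-ThreadHiddenFromDebugger and Set-ThreadHiddenFromDebugger are illustrative.

```powershell
# Added example (not part of the sandbox report): demonstrate and verify the
# ThreadHideFromDebugger flag. Assumes Windows; uses the native ntdll exports.
$ntdll = @'
using System;
using System.Runtime.InteropServices;
public static class NtThread {
    public const int ThreadHideFromDebugger = 0x11;   // THREADINFOCLASS value
    [DllImport("ntdll.dll")]
    public static extern int NtSetInformationThread(IntPtr ThreadHandle, int ThreadInformationClass,
                                                    IntPtr ThreadInformation, uint ThreadInformationLength);
    [DllImport("ntdll.dll")]
    public static extern int NtQueryInformationThread(IntPtr ThreadHandle, int ThreadInformationClass,
                                                      out byte ThreadInformation, uint ThreadInformationLength,
                                                      IntPtr ReturnLength);
    [DllImport("kernel32.dll")]
    public static extern IntPtr GetCurrentThread();
}
'@
Add-Type -TypeDefinition $ntdll

function Get-ThreadHiddenFromDebugger {
    # Query returns a single BOOLEAN; the length must be exactly 1.
    [byte]$flag = 0
    $status = [NtThread]::NtQueryInformationThread([NtThread]::GetCurrentThread(),
        [NtThread]::ThreadHideFromDebugger, [ref]$flag, 1, [IntPtr]::Zero)
    if ($status -ne 0) { throw ('NtQueryInformationThread failed, NTSTATUS 0x{0:X8}' -f $status) }
    return [bool]$flag
}

function Set-ThreadHiddenFromDebugger {
    # The set call takes no buffer: ThreadInformation must be NULL and the length 0.
    $status = [NtThread]::NtSetInformationThread([NtThread]::GetCurrentThread(),
        [NtThread]::ThreadHideFromDebugger, [IntPtr]::Zero, 0)
    if ($status -ne 0) { throw ('NtSetInformationThread failed, NTSTATUS 0x{0:X8}' -f $status) }
}

"Before: hidden = $(Get-ThreadHiddenFromDebugger)"
Set-ThreadHiddenFromDebugger
"After:  hidden = $(Get-ThreadHiddenFromDebugger)"
```

Run it in a throwaway session: once set, the flag cannot be cleared, and if the session is under a debugger that thread vanishes from it. The same query, issued against a suspect process's threads with a handle that has THREAD_QUERY_INFORMATION, is how an analyst can confirm what this signature reports.
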
MITRE ATT&CK Enterprise v15

Tasks