General
-
Target
PlasmaPerm.exe
-
Size
2.0MB
-
Sample
241109-gy7zsaskcp
-
MD5
53f60234d2f23b0a56a4c4d01c235281
-
SHA1
edcf730e5a6e9d251135217cab566fee8b2089ad
-
SHA256
157022d90bfb8809c6f371c36d54fb90650dda68241f85890983e2a0c0021dc7
-
SHA512
465290c68b38991ba454c2149704330557496cd63951ca80b6520dfe9c8121a8a99e8ead8125fbc7462f514ee4994fcd2c70d57c30e87be106a5d71f98105461
-
SSDEEP
49152:LyFS0D21lmt9V7dmKZ+I/AjVMm5MVHWlC0g/2sv:o5sl89V7D+I/aMm5MmC0gusv
Static task
static1
Behavioral task
behavioral1
Sample
PlasmaPerm.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
PlasmaPerm.exe
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry: 1
Subvert Trust Controls: 1
Install Root Certificate: 1
Virtualization/Sandbox Evasion: 2