General
Target: KoSys.exe
Size: 2.7MB
Sample: 241113-1qccpazfqq
MD5: c1bf0a8d5f9e9778c36015710d2235d1
SHA1: c88bbef9f2fd8714e281f7cd901a32cf85911507
SHA256: a8f2ceb7322fba1a3dddf6a3c45a589adc69a75f197e0aae6556939fd1c12beb
SHA512: 27c360d3569870ba798ea0ea87cc786e86048bc79658fcbec9a223e77c2be0f80279cd1965e358cd3838930eea4cb71f900e7c3ca27996c168d0795c2c6ee15f
SSDEEP: 49152:9yCz+3c6x8ET5daZ5LUbuOeY5RGJi7aRIwJAaDSC9:xz+3Ym5daZdjObRVeImAMh
Static task: static1

Behavioral task: behavioral1
Sample: KoSys.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: KoSys.exe
Resource: win10v2004-20241007-en
Malware Config
(none extracted)

Targets
Target: KoSys.exe
Size: 2.7MB
MD5: c1bf0a8d5f9e9778c36015710d2235d1
SHA1: c88bbef9f2fd8714e281f7cd901a32cf85911507
SHA256: a8f2ceb7322fba1a3dddf6a3c45a589adc69a75f197e0aae6556939fd1c12beb
SHA512: 27c360d3569870ba798ea0ea87cc786e86048bc79658fcbec9a223e77c2be0f80279cd1965e358cd3838930eea4cb71f900e7c3ca27996c168d0795c2c6ee15f
SSDEEP: 49152:9yCz+3c6x8ET5daZ5LUbuOeY5RGJi7aRIwJAaDSC9:xz+3Ym5daZdjObRVeImAMh

Signatures
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Modifies Windows Firewall
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
MITRE ATT&CK Enterprise v15

Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)

Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)

Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (2)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (1)
  Modify Registry (2)
  Virtualization/Sandbox Evasion (2)