Resubmissions

13/11/2024, 21:50

241113-1qccpazfqq 10

General

  • Target

    KoSys.exe

  • Size

    2.7MB

  • Sample

    241113-1qccpazfqq

  • MD5

    c1bf0a8d5f9e9778c36015710d2235d1

  • SHA1

    c88bbef9f2fd8714e281f7cd901a32cf85911507

  • SHA256

    a8f2ceb7322fba1a3dddf6a3c45a589adc69a75f197e0aae6556939fd1c12beb

  • SHA512

    27c360d3569870ba798ea0ea87cc786e86048bc79658fcbec9a223e77c2be0f80279cd1965e358cd3838930eea4cb71f900e7c3ca27996c168d0795c2c6ee15f

  • SSDEEP

    49152:9yCz+3c6x8ET5daZ5LUbuOeY5RGJi7aRIwJAaDSC9:xz+3Ym5daZdjObRVeImAMh

Targets

    • Target

      KoSys.exe

    • UAC bypass

    • Looks for VirtualBox Guest Additions in registry

      The guest-tools registry key is commonly checked to detect a VirtualBox virtual machine.

    • Looks for VMware Tools registry key

      The guest-tools registry key is commonly checked to detect a VMware virtual machine.

    • Modifies Windows Firewall

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
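The registry-based signatures above (VirtualBox Guest Additions, VMware Tools, BIOS information, drive enumeration, firewall modification) are all derived from which registry keys the sample touches and whether it reads or writes them. The following is an added example, not code from the sandbox or from the sample's analysis, showing how such a trace can be mapped back onto the signature names this report prints. The trace format (one `api|key|value` event per line) and the sample events in `TRACE` are constructed assumptions; the key paths are the standard locations these checks use on Windows.

```python
"""Map a hooked-API registry trace onto the report's behavioural signatures.

Added example. The trace format (api|key|value, one event per line) and the
events in TRACE are constructed for illustration, not a real sandbox export.
"""
import re

# Registry APIs split into read and write access; the VM checks are reads,
# the firewall change is a write, and a read of the firewall key must not fire it.
READ_APIS = {"RegOpenKeyExA", "RegOpenKeyExW", "RegQueryValueExA", "RegQueryValueExW",
             "RegEnumValueA", "RegEnumValueW", "RegEnumKeyExW", "RegGetValueW"}
WRITE_APIS = {"RegSetValueExA", "RegSetValueExW", "RegCreateKeyExA", "RegCreateKeyExW",
              "RegDeleteValueW", "RegDeleteKeyW"}

# (signature name as the report prints it, access kind, key pattern), in report order.
# Patterns accept the WOW6432Node view and numbered ControlSets so a lookup
# through either path still matches.
RULES = [
    ("Looks for VirtualBox Guest Additions in registry", "read",
     r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Oracle\\VirtualBox Guest Additions"),
    ("Looks for VMware Tools registry key", "read",
     r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?VMware, Inc\.\\VMware Tools"),
    ("Modifies Windows Firewall", "write",
     r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\SharedAccess\\Parameters\\FirewallPolicy"),
    ("Checks BIOS information in registry", "read",
     r"^HKLM\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$"),
    ("Maps connected drives based on registry", "read",
     r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\Disk\\Enum$"),
]

HIVE_ALIASES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
                "HKEY_CLASSES_ROOT": "HKCR", "HKEY_USERS": "HKU"}


def normalise_key(key: str) -> str:
    """Canonicalise the hive prefix and drop a trailing backslash."""
    key = key.strip().rstrip("\\")
    hive, _, rest = key.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive.upper())
    return f"{hive}\\{rest}" if rest else hive


def parse_trace(text: str):
    """Yield (api, key, value) tuples from the assumed api|key|value format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        api, key, value = (line.split("|", 2) + ["", ""])[:3]
        yield api.strip(), normalise_key(key), value.strip()


def evaluate(text: str) -> dict:
    """Return {signature name: [matching (api, key, value) events]} for fired rules only."""
    hits = {name: [] for name, _, _ in RULES}
    for api, key, value in parse_trace(text):
        kind = "read" if api in READ_APIS else "write" if api in WRITE_APIS else None
        if kind is None:
            continue
        for name, wanted, pattern in RULES:
            if kind == wanted and re.match(pattern, key, re.IGNORECASE):
                hits[name].append((api, key, value))
    return {name: events for name, events in hits.items() if events}


def triggered(text: str) -> list:
    """Signature names that fired, in report order."""
    return list(evaluate(text))


# Constructed trace: the five registry-derived signatures plus a benign Run-key
# read that must not match anything.
TRACE = r"""
RegOpenKeyExW|HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions|
RegOpenKeyExW|HKLM\SOFTWARE\VMware, Inc.\VMware Tools|
RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\BIOS|SystemManufacturer
RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\BIOS|SystemProductName
RegEnumValueW|HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum|0
RegSetValueExW|HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile|EnableFirewall
RegQueryValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|KoSys
"""

if __name__ == "__main__":
    for name, events in evaluate(TRACE).items():
        print(name)
        for api, key, value in events:
            print(f"    {api} {key} {value}".rstrip())
```

Run as-is it prints each fired signature with the events behind it. The point of separating read from write access is visible on the firewall rule: a sample that merely queries `FirewallPolicy` is profiling the host, while one that sets a value under it is the behaviour this report flags as "Modifies Windows Firewall".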
