General

  • Target

    PN0wYEDIiaYw.exe

  • Size

    13.9MB

  • Sample

    241117-qqvtxs1clc

  • MD5

    35b50f3d52b9350017509e40353bb4cc

  • SHA1

    53dde65d8ed3b57684b41f5846dc8cfb6d4f0f51

  • SHA256

    cd22c6fea23c6f161a88411b46caf6d8f9342089d828245d9b18d19091d24f3f

  • SHA512

    fa9555d5e365a95b5eb334e41ca979f07c41a89dd755f7bcbf989280457082a9b4e77d9417ed13cbb8d8443ef72d6545eaa94eae4dbd262ef5574a6c2651c300

  • SSDEEP

    393216:9JzWUq3UKKeizYH2jBkzv7qZ/CMKGvZ/0ZtCHl:95W1nezCTzDAC1GxvHl

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • A potential corporate email address has been identified in the URL: [email protected]

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks