255f17e80dfcbf94f8d2a1098dee2dd741a6d4560b3ca646a3402017a2c8dba3 | Triage

Sharing

General

Target

255f17e80dfcbf94f8d2a1098dee2dd741a6d4560b3ca646a3402017a2c8dba3.exe
Size

2.7MB
Sample

241121-ee4f5ssrdp
MD5

5dd4d4d1828c8bca8d339f1e113db959
SHA1

e8d1dc9e7bbee871050ac0b90f78fdb179dc36b9
SHA256

255f17e80dfcbf94f8d2a1098dee2dd741a6d4560b3ca646a3402017a2c8dba3
SHA512

102ab646d1c2fdcd22a3978b72159a741ba0e62d24856dcc1c1369780841fe6af6073c9d364cce58824338dc28878b5d9bdc37d2b2a1355d548ee5f7a8432236
SSDEEP

49152:KMIIhE5qLS+PNoDjcCidwPW1M8I57mt6JMbgfX:KMI4E5qPFCACHPn8I56t6JM

Score

10^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  255f17e80dfcbf94f8d2a1098dee2dd741a6d4560b3ca646a3402017a2c8dba3.exe
- Size
  
  2.7MB
- MD5
  
  5dd4d4d1828c8bca8d339f1e113db959
- SHA1
  
  e8d1dc9e7bbee871050ac0b90f78fdb179dc36b9
- SHA256
  
  255f17e80dfcbf94f8d2a1098dee2dd741a6d4560b3ca646a3402017a2c8dba3
- SHA512
  
  102ab646d1c2fdcd22a3978b72159a741ba0e62d24856dcc1c1369780841fe6af6073c9d364cce58824338dc28878b5d9bdc37d2b2a1355d548ee5f7a8432236
- SSDEEP
  
  49152:KMIIhE5qLS+PNoDjcCidwPW1M8I57mt6JMbgfX:KMI4E5qPFCACHPn8I56t6JM
Score

10^/10

discovery evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Windows security modification
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan