General

  • Target

    disk spoofer.exe

  • Size

    841KB

  • Sample

    241126-bqf87stjgm

  • MD5

    e0234b0124913ff987332a30daf9c8aa

  • SHA1

    932c901ed2c80ab3fa5c4d20c908a3901736947c

  • SHA256

    1539c445b9a5e409cdd483bbdd41b682d43966ff4c9811b2c9294ff17c964ef2

  • SHA512

    1379979eb49cb0c5df93ca4855026e69a917292691e0bd1aeb483f34d7f27b909d9ecfc7c23e027f0d1a0855fce7a3780bcd6e8412646ae6945fbe693e1a3946

  • SSDEEP

    12288:B1YPOSYOiTn2Tqu+Ox6VPWLV2rqbZAWPKlzQsaOBuv/yVbZu3907mPE7dgRw:GYOisUVPWLmqVASKhQsuv4g3e7+muRw

Score
9/10

Targets

    • Target

      disk spoofer.exe

    Score
    9/10
    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
