Overview

overview

8

Static

static

1

VirtualBox...in.exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VirtualBox-7.1.6-167084-Win.exe

  • Size

    117.3MB

  • Sample

    250125-21fzastjgt

  • MD5

    8addd310d09249bc176c9c891aae41cb

  • SHA1

    81212ad29642b2b261df42d25ccd23fe715914d1

  • SHA256

    35c42c98b784974a965c358a9bda63b6cb4edde80db83f87daa2fee83e6cfad6

  • SHA512

    b6126211ade8b38215ea70692af8cff5e47cb922484a3f08e377edf01a4a1d9b865772f4703d6914d779faba95eb46f16266e6f05411efba4691bc6f411d1d77

  • SSDEEP

    3145728:Zqar23mGGWtNN/fdSqyI/LUs5DuFsdOKtVeBi4g:82GGOFfAqyI/7FdUAT

Score
8/10
defense_evasiondiscoverypersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      VirtualBox-7.1.6-167084-Win.exe

    • Size

      117.3MB

    • MD5

      8addd310d09249bc176c9c891aae41cb

    • SHA1

      81212ad29642b2b261df42d25ccd23fe715914d1

    • SHA256

      35c42c98b784974a965c358a9bda63b6cb4edde80db83f87daa2fee83e6cfad6

    • SHA512

      b6126211ade8b38215ea70692af8cff5e47cb922484a3f08e377edf01a4a1d9b865772f4703d6914d779faba95eb46f16266e6f05411efba4691bc6f411d1d77

    • SSDEEP

      3145728:Zqar23mGGWtNN/fdSqyI/LUs5DuFsdOKtVeBi4g:82GGOFfAqyI/7FdUAT

    Score
    8/10
    defense_evasiondiscoverypersistenceprivilege_escalationtrojan

    • Drops file in Drivers directory

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Modify Registry

1
T1112

Subvert Trust Controls

1
T1553

SIP and Trust Provider Hijacking

1
T1553.003

Credential Access

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

2
T1120

Query Registry

5
T1012

System Information Discovery

6
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks