General
-
Target
https://cdn.discordapp.com/attachments/1316471017715273948/1320492310437560473/mirage_v1.0.6.rar?ex=6795f60c&is=6794a48c&hm=8b04c15a4636de70f287a6329a865d85ba6f1ebb544f917d997846378f140695&
-
Sample
250125-xty43sylen
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1316471017715273948/1320492310437560473/mirage_v1.0.6.rar?ex=6795f60c&is=6794a48c&hm=8b04c15a4636de70f287a6329a865d85ba6f1ebb544f917d997846378f140695&
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1316471017715273948/1320492310437560473/mirage_v1.0.6.rar?ex=6795f60c&is=6794a48c&hm=8b04c15a4636de70f287a6329a865d85ba6f1ebb544f917d997846378f140695&
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Probable phishing domain
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Virtualization/Sandbox Evasion
1