General

  • Target

    Winlocker Builder v0.6.rar

  • Size

    1.7MB

  • Sample

    250127-zdy59avkc1

  • MD5

    392116260c9688561bf4388a6688802a

  • SHA1

    ca96d5d4a5d09d3907777bf515d4ef872229ec06

  • SHA256

    db1ed914707af2fc9d0f262dbc8951d00d83ae59f5955dafbe7778e5f1ba5e06

  • SHA512

    c541116c6bb88a3833c9a48532a5c4fdf78235028b7e6a9d497f77b9b7736056c4273eb4937ae5c28aa03bc8236598881d987679abdca15e981c891828cf7c59

  • SSDEEP

    49152:4HrKncTTQ0NKlQkkq1/vZWuRqbFCekOE0bxo:PcT00eT1nZWSOr+

Score
9/10

Targets

    • Target

      Winlocker Builder v0.6.rar

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
