84a5a26f1748c3ad1f0b98c438908e8dc842eacc6390484527ee1fe7e56264f5 | Triage

Sharing

General

Target

c61f9a9059f8b8bd0e69f7df4cb09786
Size

3.5MB
Sample

220505-jeng5sfde5
MD5

c61f9a9059f8b8bd0e69f7df4cb09786
SHA1

70fffde0debf4559859617d49dc48c54df3c156d
SHA256

84a5a26f1748c3ad1f0b98c438908e8dc842eacc6390484527ee1fe7e56264f5
SHA512

6a838d9663517e1f89bf47f9ba85b72cd431f0d61c4db97e69516ffa313d8bdfc9f619eb51ead5215786e523b43cde3186300cf3bfab7408d580c66cd7d00453

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  c61f9a9059f8b8bd0e69f7df4cb09786
- Size
  
  3.5MB
- MD5
  
  c61f9a9059f8b8bd0e69f7df4cb09786
- SHA1
  
  70fffde0debf4559859617d49dc48c54df3c156d
- SHA256
  
  84a5a26f1748c3ad1f0b98c438908e8dc842eacc6390484527ee1fe7e56264f5
- SHA512
  
  6a838d9663517e1f89bf47f9ba85b72cd431f0d61c4db97e69516ffa313d8bdfc9f619eb51ead5215786e523b43cde3186300cf3bfab7408d580c66cd7d00453
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2