General
-
Target
identifier
-
Size
168KB
-
Sample
240629-w74faatakh
-
MD5
542ad40c6c7bab9c0cac5046aa51ae3b
-
SHA1
64905f2cc6aae2a57fc2808754f07645587ba480
-
SHA256
52d0f50e487efce95d619e0973075e1e95c9f1c974a25274ac4937832e99d469
-
SHA512
00b4f0925d7ba654348f7effded19fc119aed2bd7ebc888663f927d847de21e41d836e19d94a6ee72fffc280b3bc7a2865b160ee6c47225059daf23cc72b90f0
-
SSDEEP
3072:6axYBp1m8VacYbi0Qpe2vADpu0He3uJEo06:5xgpw8IOumor
Static task
static1
Behavioral task
behavioral1
Sample
identifier.html
Resource
win11-20240419-en
Malware Config
Targets
-
-
Target
identifier
-
Size
168KB
-
MD5
542ad40c6c7bab9c0cac5046aa51ae3b
-
SHA1
64905f2cc6aae2a57fc2808754f07645587ba480
-
SHA256
52d0f50e487efce95d619e0973075e1e95c9f1c974a25274ac4937832e99d469
-
SHA512
00b4f0925d7ba654348f7effded19fc119aed2bd7ebc888663f927d847de21e41d836e19d94a6ee72fffc280b3bc7a2865b160ee6c47225059daf23cc72b90f0
-
SSDEEP
3072:6axYBp1m8VacYbi0Qpe2vADpu0He3uJEo06:5xgpw8IOumor
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Event Triggered Execution
2Image File Execution Options Injection
1Component Object Model Hijacking
1Privilege Escalation
Event Triggered Execution
2Image File Execution Options Injection
1Component Object Model Hijacking
1