Overview

overview

9

Static

static

3

SimpleToolZ.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SimpleToolZ.exe

  • Size

    56.5MB

  • Sample

    240701-dn49csvamf

  • MD5

    d096ccc62bc5ca43fdaecdeb60579aaf

  • SHA1

    ec7ea18a482a749f7d0c02a3e7c0c695ce28b74e

  • SHA256

    b8b9a275dd7074b5169977ea5e71d0399845e88408d94b71878a7950d926c316

  • SHA512

    006bd3eca1a2d6b16ffd1cb46e0066756eb57abb9b618454a186b1d1fd237bfed23c0bfe197ada61520a9d5e98b2bf360beb528a46687ae5e3c9da60ccd923b2

  • SSDEEP

    1572864:amKm5eNXA90p2N+iUgK1EEZBplhSwPTMSnhXQYoeQBPd:t5ec6C+imvrM0QYoeu1

Score
9/10
evasionexecutionpersistencetrojan

Malware Config

Targets

    • Target

      SimpleToolZ.exe

    • Size

      56.5MB

    • MD5

      d096ccc62bc5ca43fdaecdeb60579aaf

    • SHA1

      ec7ea18a482a749f7d0c02a3e7c0c695ce28b74e

    • SHA256

      b8b9a275dd7074b5169977ea5e71d0399845e88408d94b71878a7950d926c316

    • SHA512

      006bd3eca1a2d6b16ffd1cb46e0066756eb57abb9b618454a186b1d1fd237bfed23c0bfe197ada61520a9d5e98b2bf360beb528a46687ae5e3c9da60ccd923b2

    • SSDEEP

      1572864:amKm5eNXA90p2N+iUgK1EEZBplhSwPTMSnhXQYoeQBPd:t5ec6C+imvrM0QYoeu1

    Score
    9/10
    evasionexecutionpersistencetrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Creates new service(s)

      persistenceexecution

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix

Tasks