Overview

overview

9

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows11-21h2-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://gofile.io/d/mgvPPO

  • Sample

    250508-g81cpa1ns6

Score
9/10
defense_evasiondiscoverytrojanupx

Malware Config

Targets

    • Target

      https://gofile.io/d/mgvPPO

    Score
    9/10
    defense_evasiondiscoverytrojanupx

    • Looks for VirtualBox Guest Additions in registry

      defense_evasion

    • Looks for VMWare Tools registry key

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      defense_evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v16

Tasks

OSZAR »