General
Target: Saturn Free Temp.exe
Size: 4.2MB
Sample: 240428-jps6dabd4z
MD5: e6350586d1f6aacf8343125b758dfb1f
SHA1: 5351a0c697e7c158d62f5e58484ba46787c952a8
SHA256: c38b3feb6e14a703ad96fdd30f43bb33fe96175be99b6e6caa39c585b5ad18fd
SHA512: 93406b4356389d32862e2f01276e3da8ad3c398e5699f8716e222565bfce48298d3a0b0ded424cacd38d36d2f056108decb0ebf313e44a2c2dd470ac0fc11cb7
SSDEEP: 98304:l7m+ij9HD0+jCihNRkl/W6aG/wcKnfu8NUT6K0:U+y4ihkl/Wo/afHP

Static task: static1
Malware Config

Targets
Target: Saturn Free Temp.exe (4.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Modifies Windows Firewall
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger