General
- Target: SecuriteInfo.com.Win32.Packed.Themida.HKO.8521
- Size: 5.3MB
- Sample: 200711-pzkmyg3qja
- MD5: b24dc2820886e748d1619d824c898bc2
- SHA1: 867e772a9e9bd75196f5f94e5802f9ee6e370c5c
- SHA256: 32c17a6caeed78f79e06de58d5229927f77bc8c6b4865b41289d4da886a07df4
- SHA512: 32bfaaa84c8cb15b988107d56b0a8645ba394da47e027026219afd8c8f7772b2697dc9e222229f860572deb871fbd22f6dbaeb528dd28f1219fd3a5ee2b674a2
- Static task: static1
- Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.Packed.Themida.HKO.8521.exe
- Resource: win7v200430
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system (Looks up Uninstall key entries in the registry to enumerate software on the system.)
- Suspicious use of NtSetInformationThreadHideFromDebugger