APP.exe.zip

General

Target: APP.exe.zip
Size: 5MB
Sample: 210924-bad4xafdfr
Score: 9/10
MD5: 4f3669edb010f5db21b13a088182b8fe
SHA1: 892447e55ff7a3ac5d26c573bb8eb4607b41ba1e
SHA256: b70b9039ec4b33987a991c5c20729eb3310d7406b8d15161037df3b21fd968bb
SHA512: a6c1911bd010c13630b9921fefbfd5a495ed3786e347c208602f25bd9e8f49be28d6711a971bd74f87f303bd312862fea730483045fd4b74410c76e9fbe59ea7

Malware Config

Targets

Target: APP.exe
Filesize: 5MB
Score: 9/10
MD5: a0b4d2c96937104bcffd21ce69885a59
SHA1: 6cda6e2bee6d67a5f407e4d7e96af9d76bfa7c79
SHA256: 72cb50e5791e1fcb11d24bc4cff3b44379a529c5549fbf6f500adcd67bfe9139
SHA512: 17b1b4de1bddb7f357744ace07509481e80eb8a63fa9c39ee00ecd7eba3b03611eb0e2329e88e20b05e8a2655fa67a7b699c8455c1fa9aebeba4384151ae2ee0

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    TTPs: Query Registry, Virtualization/Sandbox Evasion
  • Checks BIOS information in registry
    Description: BIOS information is often read in order to detect sandboxing environments.
    TTPs: Query Registry, System Information Discovery
  • Themida packer
    Description: Detects Themida, an advanced Windows software protection system.
  • Checks whether UAC is enabled
    TTPs: System Information Discovery

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: 7/10
behavioral1: 9/10
behavioral2: 9/10