Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  Description: BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Description: Infostealers often target stored browser data, which can include saved credentials, etc.
- Themida packer
  Description: Detects Themida, an advanced Windows software protection system.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger