General
-
Target
00FT05015S92J1183l13ISG6692_19953.msi
-
Size
18.5MB
-
Sample
211213-shj4kadga9
-
MD5
a44126dd777cfeea52af89ce9474bf41
-
SHA1
bc2e4d3883f242fb5b9d15eba9c22d690782194d
-
SHA256
ac1abaa2754577ccd7b96061bf15a8c8af6cd9ffe440ef6bfed1ff62280b38cc
-
SHA512
5e1748343e074f2bbfe98b1da86a0609ba50b2f631a9f99e99fed277e78edf9754d11979b9098c4e9d8a663c9e7e9d397d0b262258b957b40c91c67937cf1aa1
Malware Config
Targets
-
-
Target
00FT05015S92J1183l13ISG6692_19953.msi
-
Size
18.5MB
-
MD5
a44126dd777cfeea52af89ce9474bf41
-
SHA1
bc2e4d3883f242fb5b9d15eba9c22d690782194d
-
SHA256
ac1abaa2754577ccd7b96061bf15a8c8af6cd9ffe440ef6bfed1ff62280b38cc
-
SHA512
5e1748343e074f2bbfe98b1da86a0609ba50b2f631a9f99e99fed277e78edf9754d11979b9098c4e9d8a663c9e7e9d397d0b262258b957b40c91c67937cf1aa1
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-