General

  • Target

    47241b345de4eb4177705e586649da25

  • Size

    2.7MB

  • Sample

    220107-pf3akscbh7

  • MD5

    47241b345de4eb4177705e586649da25

  • SHA1

    2d8be32cb553f1b9b15b248efd51823a14eda39b

  • SHA256

    590d4f64a1063d7cdd9b224e7e73b6dd4b04dba2323e80aba08b4eff5eeb6fef

  • SHA512

    4255e00a8fc85ddc6fb0f80b3c79d9e96bdc3b1687c44c093fd7056d1edfee049478ccc28a1d264d71b68d3bcb3b6c0647a101ad93d51c741213aada61ab680a

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks