e36e717ad1f661f695e905d457dba6729aa238c0da051893ebec1429e042ddf7
General
Target
Size
Sample
e36e717ad1f661f695e905d457dba6729aa238c0da051893ebec1429e042ddf7
3MB
220116-jnzxjafcf4
Score
9 /10
MD5
SHA1
SHA256
SHA512
978b7f1dba9746c29ac4b61bc219bd7b
f498e5ebf211bace3e027a1596edfdcf7900317c
e36e717ad1f661f695e905d457dba6729aa238c0da051893ebec1429e042ddf7
dbdba57e4af16966d814bb0fafec867be05dd33381ab3140cb99249a7df57f7a09f69bdec5909d00a7268fda7574be3e738561bf094b211e3e9d5c6fb126da08
Malware Config
Targets
Target
MD5
Filesize
e36e717ad1f661f695e905d457dba6729aa238c0da051893ebec1429e042ddf7
978b7f1dba9746c29ac4b61bc219bd7b
3MB
Score
9/10
SHA1
SHA256
SHA512
f498e5ebf211bace3e027a1596edfdcf7900317c
e36e717ad1f661f695e905d457dba6729aa238c0da051893ebec1429e042ddf7
dbdba57e4af16966d814bb0fafec867be05dd33381ab3140cb99249a7df57f7a09f69bdec5909d00a7268fda7574be3e738561bf094b211e3e9d5c6fb126da08
Tags
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
Description
BIOS information is often read in order to detect sandboxing environments.
TTPs
-
Drops startup file
-
Themida packer
Description
Detects Themida, an advanced Windows software protection system.
Tags
-
Checks whether UAC is enabled
Tags
TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks